Overview
How To
Privacy Policy
CHARITYBEAT - Online system for making bids and donations
Protecting personal data is important to us. Personal data is therefore processed in accordance with the applicable European and national laws.
You can of course revoke your declaration(s) of consent at any time with future effect. To do this, please contact the data controller in accordance with Section 1.
The following privacy policy provides an overview of the kind of data that is collected, how it is used and shared, which security measures we take to protect your data, and how you can obtain details about the information provided to us.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to process their personal data, Art. 6 para.1 clause 1 lit. a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis.
For the processing of personal data required to fulfil a contract whose contractual partner is the data subject, Art. 6 para.1 clause lit. b GDPR shall serve as the legal basis. This shall also apply for processing required to complete pre-contractual activities.
Insofar as processing of personal data is required to fulfil a legal obligation to which we are subject, Art. 6 para. 1 clause 1 lit. c GDPR shall serve as the legal basis.
If processing is required to safeguard a legitimate interest of either our company or a third party and the interests, fundamental rights, or basic freedoms of the data subject do not outweigh the interest which was first stated, Art. 6 para.1 clause 1 lit. f) GDPR shall serve as the legal basis for processing.
Deletion and storage of data
Your personal data will be deleted or blocked as soon as the purpose for its storage no longer applies. Data may also be stored if this is stipulated by European or national legislators in union regulations, laws, or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed unless further storage of the data is necessary for the conclusion or fulfillment of a contract.
§ 1 The data controller and the data protection officer
(1) Name and address of the data controller
(1) Name and address of the data controller
The data controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and provisions pertaining to data protection, is:
CHARITYBEAT
Geierstrasse 1
22305 Hamburg
Germany
Geierstrasse 1
22305 Hamburg
Germany
represented by Ms Sabrina Behm
E–Mail: info@charitybeat.com
Website: charitybeat.com
Telephone: +49 (40) 32510725
Website: charitybeat.com
Telephone: +49 (40) 32510725
§ 2 Definitions
This Privacy Policy is based on the terms which were used by the European regulator upon the adoption of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). This Privacy Policy should be easy to read and understand. To ensure this, important terms have been explained below:
a) Personal data is all information which relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more characteristics specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) The data subject is any identified or identifiable person whose personal data is processed by the data controller for processing.
c) Processing is any operation or series of operations, completed with or without the help of an automated process, which is performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or making available by any other means, comparison or linking, restriction, deletion or destruction.
d) Profiling refers to any form of automated processing of personal data which entails the use of personal data to evaluate certain personal aspects relating to a natural person, in particular analysing or predicting aspects pertaining to this natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
e) Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.
f) The data controller or the person responsible for processing is the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data either alone or jointly with others. Where the purposes and means of such processing are determined by either Union law or the law of Member States, either the data controller or the specific criteria for their appointment may be provided for in accordance with Union law or the law of Member States.
g) The processor is a legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
h) The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed regardless of whether they are a third party. Public authorities which receive personal data within the framework of a specific inquiry in accordance with Union law or the law of Member States shall, however, not be regarded as recipients.
i) A third party is a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons under the direct authority of the data controller or processor who are authorised to process personal data.
j) Consent is any unambiguous indication given freely in that specific case by the concerned individual in an informed manner in the form of a declaration or other clear affirmative act by which the data subject indicates that they consent to the processing of their personal data.
§ 3 Provision of the website and creation of log files
(1) When using the website for informational purposes only, that is, if you do not register or otherwise provide us with information, we automatically collect the following data and information each time the website is accessed from the computer system of the computer used to access the website:
(1) When using the website for informational purposes only, that is, if you do not register or otherwise provide us with information, we automatically collect the following data and information each time the website is accessed from the computer system of the computer used to access the website:
• The IP address of the requesting computer,
• The date and time of access
• The name and URL of the accessed file,
• The website from which access is made (referrer URL)
• The browser used and, if applicable, the operating system
• of your computer and the name of your access provider.
• The name and URL of the accessed file,
• The website from which access is made (referrer URL)
• The browser used and, if applicable, the operating system
• of your computer and the name of your access provider.
The data is also stored in our system's log files. This data is not stored together with any other personal data pertaining to the user.
(2) The legal basis for temporary storage of log files is Art. 6 para.. 1 clause lit. f) GDPR.
(3) Temporary IP address storage by the system is necessary to
a) enable delivery of the website to the user's computer. To this end, the IP address of the user must be stored for the duration of the session.
b) to optimise the contents of our website and the advertising of it
c) to ensure the functionality of our information technology systems and the technology of our website
d) to provide law enforcement authorities with the information necessary to enforce the law in the event of a cyber attack.
Log files are saved to ensure the functionality of the website. Data is also used to optimise the website and ensure the security of our information technology systems. We do not evaluate this data for marketing purposes.
These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 para.1 S.1 lit. f) GDPR.
(4) The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection - in this case with the end of the usage process.
If the data is stored in log files, data will be deleted after seven days at the latest. It may, however, be retained for a longer period. In this case, the user's IP addresses will be deleted or anonymised in such a way that it can no longer be attributed to the accessing client.
If the data is stored in log files, data will be deleted after seven days at the latest. It may, however, be retained for a longer period. In this case, the user's IP addresses will be deleted or anonymised in such a way that it can no longer be attributed to the accessing client.
(5) Collection of data for the provision of the website and the storage of data in log files is imperative for the operation of the website, so there is no inconsistency.
§ 4 Use of cookies
(1) This site uses cookies.
You will find a list of cookies with a description of those used below.
Cookies are small text files which, when you visit a website, are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.), these are then stored on your computer and send the user (that being our company) certain information. Cookies are used to make the website more customer-friendly and secure, and collect in particular use-related information such as frequency of use, number of users on the pages and page usage patterns. Cookies do not damage your computer and do not contain viruses. This cookie contains a characteristic string of characters (a so-called cookie ID), which enables the browser to be clearly identified when the website is accessed again.
Cookies used
Cookies used
• A session cookie to technically enable the login. By default, this expires at the end of the session (when closing the browser).
• An additional cookie that contains the name of the last auction called in plain text. This is only used to provide technical support for user guidance, so tracking is not technically possible at all.
(2) Cookies are also saved when the browser session is ended and can be called up again when you visit the website again. However, cookies are stored on your computer and transmitted to our site from there. You therefore have full control over the use of cookies. If you do not want data to be collected via cookies, you can set your browser via the menu under "Settings" so that you are informed about the setting of cookies or that you can generally exclude the setting of cookies or delete cookies individually. It should be noted, however, that deactivating cookies may restrict the functionality of this website. As far as session cookies are concerned, they will be automatically deleted after you leave the website.
§ 5 User account registration
(1) We offer you the opportunity to register on our website by providing personal data. Data is entered into an input screen, transmitted to us, and then stored. This data will not be passed on to third parties unless this is required by law or for the purposes of criminal or legal prosecution.
The following data is collected during the registration process:
The following data is collected during the registration process:
• Email address
• Password chosen by you (your real name is not required, pseudonymous use is possible)
• Password chosen by you (your real name is not required, pseudonymous use is possible)
• First and last name
• Telephone
• Telephone
• IP address
• Date and time of registration
You can manage and modify all information in the protected customer area. As part of the registration process, the user's consent to processing this data is collected.
(2) We use the double opt-in procedure for registration. This means that after you register we will send you an email to the specified email address in which we ask you to confirm that you would like to be registered. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We will also store your IP address and the time of registration and confirmation. The purpose of this process is to verify your registration and, if necessary, resolve any possible misuse of your data.
(3) When you open a user account or purchase an item as part of the Silent Auction, we will process and use the personal data that you have provided to us for the purposes of processing your purchase or donation. We are entitled to process and store the data obtained in connection with the business relationship between you and us for the duration of the existence of your user account, taking into account the requirements of the applicable data protection regulations. Specifically, you are consenting to us
• saving and editing the information you provided when setting up your user account pertaining to company data, billing data, contact persons, and any associated updates you have communicated;
• passing on your personal information, donation amounts or bids submitted by you to the respective charitable organisation for whose benefit the online system is being used
• passing on your personal information, even if a bid has not been made, to the charitable organisation in order to establish contact exclusively for use by consensus at auctions and for expressing thanks.
• passing on your personal information, even if a bid has not been made, to the charitable organisation in order to establish contact exclusively for use by consensus at auctions and for expressing thanks.
• storing any personal data used in the course of transactions and passing it on to third parties should this be necessary for the purposes of contract processing, including billing purposes;
You are otherwise free to have personal data provided during registration deleted in its entirety from the database of the data controller. The data controller will inform you on request at any time as to which personal data relating to the data subject is being stored. The data controller will also correct or delete personal data when requested or notified to do so by the data subject provided that there is no legal obligation to retain the data in question. You can contact the data controller or the data protection officer in accordance with Section 1 at any time by email or post and request the deletion or modification of data.
§ 6 Newsletter
(1) The email address stored during registration can then be used by us to send a newsletter. In such a case, only direct advertising for similar auctions will be sent via the newsletter. The legal basis for sending the newsletter is Art. 7 para. 3 UWG [German Unfair Competition Act].
(2) Your email address is collected to allow the newsletter to be delivered. The collection of other personal data as part of the confirmation process in accordance with para. 2 serves to prevent misuse of services or the email address used.
(3) The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The email address of the user is therefore stored for as long as you do not withdraw from receiving the newsletter.
(4) You can unsubscribe from receiving our emails at any time by unsubscribing from the newsletter which can be done by sending written notification (email, letter or fax) to the contact details provided in the legal notice.
§ 7 Disclosure of personal data to third parties
§ 7 Disclosure of personal data to third parties
(1) Links to external websites
This website contains links to external sites. We are responsible for our own content. We have no influence over the content of external links and are therefore not responsible for it; in particular we do not adopt their content as our own. If you are directed to an external site, the privacy policy provided there shall apply. If you notice any illegal activities or contents on this page, please let us know. In the event of this we will check the content and respond accordingly (notice and take down procedure).
§ 8 SSL encryption
§ 8 SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
§ 9 Rights of the data subject
§ 9 Rights of the data subject
Should your personal data be processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
• The right to be informed
• The right to request correction
• The right to limitation of processing
• The right to deletion
• The right to deletion
• The right to information
• The right to data portability
• The right to object to processing
• The right to data portability
• The right to object to processing
• The right to withdraw data protection consent
• The right not to apply an automated decision
• The right to file a legal complaint with a supervisory authority
• The right to information
(1) You may request confirmation from the data controller as to whether we are processing or have processed personal data concerning you. If such processing has taken place, you can request information from the data controller at any time and at no charge as to the personal data stored about you and about the following information:
a) the purposes for which the personal data is being processed;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data relating to you either has been or continues to be disclosed;
d) the intended period for which the personal data relating to you will be stored or, where specific information pertaining to this is not available, criteria for determining the storage duration;
e) the existence of a right to rectification or deletion of personal data relating to you, a right to limitation of processing by the data controller, or a right to object to such processing;
f) the existence of a right to appeal to a supervisory authority;
g) all available information on the origin of the data, if the personal data is not being collected from the point of access of the data subject;
h) the existence of automated decision-making, including profiling, in accordance with Art. 22 para.1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
(2) You have the right to be informed as to whether your personal information will be transmitted to a third-party country or an international organisation. In this regard, you can request the appropriate guarantees in accordance with Art. 46 GDPR in relation to the transmission.
The right to request correction
You have the right to prompt rectification and/or completion by the data controller if the personal data processed concerning you is either incorrect or incomplete.
The right to restriction of processing
(1) Under the following conditions, you may request from the data controller that the processing of your personal data be restricted:
a) should you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
b) the processing is unlawful and you reject the deletion of the personal data and instead request the restriction of the use of your personal data;
c) the data controller no longer requires the personal data for processing purposes, but they require it to assert, exercise, or defend legal claims, or
d) you have objected to processing in accordance with Art. 21 para.1 GDPR and it has not yet been established whether the legitimate reasons of the data controller to process your data outweigh your reasons.
(2) If the processing of personal data concerning you has been restricted, then – apart from its storage – this data may only be processed with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
The right to deletion
(1) You can request that the data controller delete the personal data concerning you immediately, provided that one of the following reasons applies:
a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
b) you withdraw your consent, upon which the processing is based in accordance with Art. 6 para.1 lit. a or Art. 9 para.2 lit. a) GDPR and there is no other legal basis for the processing;
c) you object in accordance with Art. 21 para.1 GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Art. 21 para.2 GDPR.
d) the personal data concerning you has been unlawfully processed.
e) the personal data concerning you must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject.
f) The personal data concerning you has been collected with respect to services offered by the information society in accordance with Art. 8 para.1 GDPR.
(2) If the data controller has made your personal data public and is required to delete it in accordance with Art. 17 para.1 of the GDPR, the data controller will take appropriate measures, including those of a technical nature, while taking into account available technology and implementation costs, to inform the data controllers who are processing the personal data that you as the data subject have requested that they delete of all links to this personal data, or copies or replications of this personal data.
(3) The right to deletion does not exist if processing is necessary
a) to exercise the right to freedom of expression and information;
b) to fulfil a legal obligation which requires the processing in accordance with the law of the Union and Member States to which the data controller is subject, or to perform a task which falls within the public interest or occurs in the exercise of public authority which was transferred to the data controller;
c) for reasons of public interest in the field of public health in accordance with Art. 9 para.2 lit. h and i, and Art. 9 para.3 GDPR;
d) for the purposes of archiving, the purposes of scientific or historical research, or statistical purposes which fall within the public interest in accordance with Art. 89 para.1 GDPR, to the extent that the right referred to in Section a) is likely to render impossible or seriously inhibit the achievement of the purposes of such processing; or
e) to assert, exercise or defend legal claims.
The right to information
If you have exercised your right to have the data controller correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed as to these recipients by the data controller.
The right to data portability
The right to data portability
(1) You have the right to obtain a copy of the personal data we have on file concerning you in a structured, commonly used, machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the controller to which the personal data were made available insofar as
a) the processing is based on your consent in accordance with Art. 6 para.1 lit. a GDPR or Art. 9 para.2 lit. a GDPR or a contract in accordance with Art. 6 para.1 lit. b GDPR and
a) the processing is based on your consent in accordance with Art. 6 para.1 lit. a GDPR or Art. 9 para.2 lit. a GDPR or a contract in accordance with Art. 6 para.1 lit. b GDPR and
b) the processing is carried out using automated procedures.
(2) In exercising this right, you also have the right to have the data controller transfer your personal data directly to another data controller if this is technically feasible. This action must not affect the freedoms and rights of other persons.
(3) The right to data portability does not apply to personal data processing which is required for the performance of a task which falls within the public interest or which occurs in the exercise of public authority which was transferred to the data controller.
(4) In order to exercise the right to data portability, the data subject may at any time contact the controller.
The right to object
(1) You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time carried out in accordance with Art. 6 para.1 lit. e or f GDPR; this also applies to profiling based on those provisions.
(2) The data controller will no longer process the personal data relating to you unless they can prove a compelling, legitimate reason for this which outweighs your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.
(3) If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to your data being processed for direct marketing purposes, your personal data will no longer be processed for such purposes.
(4) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object to using an automated process involving the use of technical specifications.
(5) In order to exercise the right to object, the data subject may contact the controller directly.
The right to revoke consent under data protection law
The right to revoke consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing consent does not affect the legality of processing carried out based on consent before its withdrawal. You can contact the data controller to this end.
Automated decision in individual cases, including profiling
(1) You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has legal bearing on you or that significantly affects you in a similar manner. This shall not apply if the decision
a) is necessary for either the conclusion or performance of a contract between the you and a data controller;
b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is based on your explicit consent.
(2) These decisions may, however, not be based on special categories of personal data in accordance with Art. 9 para.1 GDPR, unless Art. 9 para.2 lit. a or g GDPR apply and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
(3) In the cases referred to in (1) and (3), the data controller will take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of an individual on the part of the data controller to state their own position and challenge the decision.
(4) If the data subject wishes to exercise their rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the company.
The right to file a legal complaint with a supervisory authority
The right to file a legal complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State containing your residence, place of work, or the location of the supposed violation, if you believe that the processing of your personal data violates the GDPR. The supervisory authority with which the complaint is filed will inform the complaining party of the status and results of the appeal, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
§ 10 Modifications of the privacy policy
We reserve the right to change our data protection practices and this policy to adapt it to any changes in relevant laws and/or regulations or to better meet your needs. We will notify you of possible changes to our data protection practices here. Please note the current version date of the privacy policy.
