Privacy Policy
1.1 Operator and Object
RESET gemeinnützige Stiftungs-GmbH (hereinafter referred to as “RESET”) operates this online service in compliance with the relevant European and German data protection regulations.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. Our website can be visited without registration. When you visit our website, data such as which pages were accessed, the names of files that were accessed and the date and time are stored on the server for statistical purposes, without this data being linked directly to you as an individual (see Point 2. Data collection).
1.2 Right to information and objection
You have the right to information about any personal data that is processed. Additionally, you have the right to modify and delete your personal data, as well as limit the processing of it as far as you are legally entitled to do so. You also have the right to object to the processing of your personal data to the extent permitted by law. The same applies to the right for data portability.
1.3 Contact person for data protection
If you have any questions regarding data protection, please contact our Privacy Officer Lydia Skrabania by post or email.
1.4 Supervisory Authority
You also have the option to contact a data protection authority and file a complaint. The authority responsible for RESET is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
20095 Hamburg
Germany
2. Data collection
When you visit the website, information (hereinafter referred to as “access data”) is automatically collected from the visiting computer. This access data includes server log files which usually consists of information about the browser type and version, the operating system, the Internet service provider, the date and time the website was used, previously visited websites, websites newly-accessed from this website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when using an Internet connection and the Internet provider is able to match this address to a person.
If you continue to use the services of the website, pseudonymous usage profiles and the data you enter on the website (e.g. search words, login information, form entries and registration information) will be processed.
Some services on the website require you to provide RESET with personally-identifiable information. In these cases, the information provided by you will be used to provide you with the service you require or in order to be able to process your request. The following personal data will be processed on the website: user data such as e-mail address, name data, address data, contact details, donation data, comments, image data.
All data is collected directly from the people concerned.
3. Cookies
RESET uses so-called “cookies”. Cookies are small text files that are stored on the hard drive of the computer being used and that communicate with the RESET server when visiting the RESET website. Cookies help to automatically adjust the website to the needs of the user. The use of cookies can be restricted or blocked at any time by changing the corresponding settings of the Internet browser.
In principal, cookies are just online identification data that does not include personal details. The cookies become personalised when the information generated by the cookies is also merged with other data. A distinction can be made between cookies which are required for the provision of the website, and cookies which are required for further purposes such as in order to analyse user behaviour or for advertising.
The cookies that are necessary for the provision of the website include: cookies used to identify or authenticate users and cookies that store certain user preferences (e.g. language settings).
Cookies required for other purposes include: analysis cookies which are used in order to record and statistically evaluate our users’ usage behaviour (e.g. clicked articles, visited subpages, search queries made, clicked ads via Google for Nonprofits).
4. Purpose of the data processing
We use the collected data for the following purposes:
- to provide the website and to ensure technical safety, in particular to remedy technical errors and to ensure that unauthorised persons do not gain access to the systems of the website;
- to provide the online information platform “RESET: Digital for Good” and to perform our obligations in accordance with our current Terms and Conditions of Use [LINK].
- to measure reach and carry out web analytics in order to make the website more efficient and interesting for you;
- for communication purposes;
- to send newsletters and updates via e-mail;
- to receive and process donations;
- to create and send donation receipts;
- to manage donation projects
For more information about these purposes, see the following sections of this privacy policy.
4.1 Technical website provision
To ensure the functionality of the website, to carry out security analyses and to prevent attacks, the server log files of the visiting computer are automatically recorded and saved for a short while when entering and using the website. RESET uses the server log files for statistical evaluations, to analyse and remedy technical incidents, to ward off attack and fraud attempts and to optimise the functionality of the website.
After visiting the website, the server log files are stored on the web server and the IP address contained within is deleted within 7 days at the latest. Backups are stored for 14 days in encrypted form.
For its web hosting RESET uses the service of Hetzner Online, a web hosting service provider certified in accordance with the internationally recognised standard for information security DIN ISO/IEC 27001. Hetzner Online uses electricity from renewable sources to power the servers in the data centre parks; the servers are located in Germany and Finland.
4.2 Online services: Newsletters and online donations
In order for you to be able to use our online services (subscribe to online newsletters or make online donations), we need data such as your e-mail address, your name and other personal information. Under no circumstances will we use your personal data for other purposes without your consent.
As a matter of principle, your data will be encrypted using SSL (Secure Socket Layer) procedures and transmitted to us and, if necessary, to credit institutions – that process your data on their systems in order to process donations – so as to prevent access by unauthorised third parties. Only a a few specially authorised persons – who are familiar with the relevant data protection regulations – are granted access to donation data.
We use Mailjet to send our newsletter. You will find detailed information on newsletter data and our newsletter service provider under Point 5.
We use Twingle to receive and process donations and to manage fundraising campaigns. Detailed information can be found under Point 6.
4.3 Google Analytics web tracking
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of the website, such as:
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server request,
is usually transferred to a Google server in the USA and stored there. The IP address transmitted by your computer within the framework of Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser. However please note that if you do this you may not be able to use the full functionality of this website.
To prevent the data generated by the cookie and related to your use of the website (including your IP address) being sent to and processed by Google, you can download and install the browser plug-in available for Chrome under the following link: https://www.google.com/chrome/
Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics (an extension of Google Analytics) tracking across devices, you must opt out on all systems that you use. (You can find information on how to integrate the opt-out cookie here.)
We also use Google Analytics to analyse data from AdWords for statistical purposes. If you do not want this, you can disable it through the Ads Preferences Manager.
For more information on data protection in connection with Google Analytics, please see Google’s privacy policy or Google Analytics Help.
5. Newsletter
The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from our newsletter and deleted after you have unsubscribed from it.
5.1 Newsletter Data
If you wish to receive our newsletter, we need your e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter (double opt-in procedure). No further data will be collected or will only be collected on a voluntary basis. We use this data exclusively in order to send the requested information and do not pass the information on to third parties. The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Article 6 Paragraph 1 Letter a) of the GDPR. You can revoke your consent to the storage of your data, your e-mail address and the use of them in order to send the newsletter at any time, e.g. via the “unsubscribe” link in each newsletter. The legality of the data processing that has already taken place remains unaffected by this revocation. The data that you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from our newsletter and deleted after you have unsubscribed from it.
5.2 Substack
To send our Digital for Good newsletter, we use Substack (111 Sutter Street, 7th Floor, San Francisco, United States).
The email address you sign up with is securely stored on Substack’s servers, and is kept there until you choose to unsubscribe. When you unsubscribe, Substack will delete your data from their servers, as compliant with GDPR legislation.
Substack seeks to comply with applicable Data Regulations by providing public-facing policies and standard contractual clauses on its platform and in agreements with Publishers such as RESET.org. These policies and clauses can be found in Substack’s Privacy Policy, CCPA Policy, and Publisher Agreement (“Privacy Documents”).
For Publishers, including RESET.org, who are considered to be Controllers (as defined under the GDPR), Substack has provided for Standard Contractual Clauses in its Publisher Agreement. These contractual clauses ensure appropriate data protection safeguards which can be used as a ground for data transfers from the EU (and the UK) to third countries.
6. Online Donations
Visitors to the website can support the work of RESET by making donations. In order to do this, it is necessary to enter the master data highlighted in the form. All other information is entered voluntarily. Failure to provide data that is marked as compulsory means you will not be able to make a donation via the website. Donors’ data is stored for the duration of the statutory retention period (ten years after the end of the calendar year in which the last donation was made).
6.1 twingle
This website uses a donation form supplied by twingle GmbH, Prinzenallee 74, 13357 Berlin (“twingle”) via the service of the GLS Gemeinschaftsbank eG. With this donation form, Twingle provides the technical platform for the donation process. The data you enter when making a donation (e.g. address, bank details, etc.) will be stored by twingle on servers in Germany only in order to process the donation.
We have entered into a contract for order data processing with twingle and our use of twingle’s donation form is carried out in full accordance with the strict requirements of the EU’s General Data Protection Regulation and the German data protection authorities.
Your data is transferred on the basis of Article 6 Paragraph 1 Letter a) of the GDPR (consent) and Article 6 Paragraph 1 Letter b) of the GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of past data processing operations. The legality of the data processing that has already taken place remains unaffected by this revocation.
You can find twingle’s data protection guidelines (in German) at: https://www.twingle.de/datenschutz/
6.2 Matomo
Within twingle’s donation form, data is collected and stored using the web analytics software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on the basis of twingle’s legitimate interest in the statistical analysis of user behaviour for optimisation purposes in accordance with Art. 6 Para. 1 Letter f) of the GDPR. This data can be used to create and evaluate pseudonymised user profiles for this same purpose. Cookies may be used for this purpose (see point 3 of this data protection information). Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. The cookies make it possible, among other things, for the Internet browser used to be recognised. The data collected with Matomo technology (including your pseudonymised IP address) is processed on twingle servers.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify visitors to this website and is not merged with personal data about the bearer of the pseudonym.
If you do not agree with the data from your visit being stored and evaluated, you can object to its subsequent storage and use at any time with just a few clicks. You can do this by storing a so-called opt-out cookie in your browser which stops Matomo from collecting any session data from you. Please note that completely deleting your cookies means that the opt-out cookie will also be deleted and may have to be reactivated by you.
6.3 Collection, processing and use of personal data for donations
When you make a donation, we collect and use your personal data only to the extent necessary to fulfil and process your donation and, if applicable, to process your enquiries. It is necessary to provide your data in order for the donation process to be carried out. Failure to do so will result in your donation not being received. The processing is based on Art. 6 (1) Letter b) of the GDPR and is necessary in order for the donation transaction to be carried out. Your data will not be passed on to third parties without your express consent. The only exceptions to this are the service partners that we need in order to process the donation and the service providers that provide us with other necessary services within the broader framework of the donation process. In addition to the recipients mentioned in the respective clauses of this privacy policy, that includes, for example, recipients that fall into the following categories: payment service providers and service providers that send out donation receipts. In all of these cases we maintain a strict observance of the legal requirements and only transmit the minimum amount of data possible. You have the chance to revoke your consent to data processing at any time. The legality of the data processing that has already taken place remains unaffected by this revocation.
7. Social media
RESET maintains an online presence within social networks and platforms in order to communicate with our users and people interested in our work and to inform them there about sustainable digitalgreen and social innovations. This includes Facebook, Twitter, Pinterest and Instagram. When visiting those platforms, the terms and conditions and the data processing guidelines of the respective operators apply.
8. Profiling
Profiling as set out in Article 22 (1) and (4) of the GDPR is not carried out.
9. Version Information
As the Internet rapidly develops and new technologies are implemented, it may be necessary to adjust and supplement our privacy policy in order to improve our service to you. We therefore recommend that you review this privacy policy from time to time.
Current version: V 02 from 07.10.2021