Data Protection
Any collection, use, storage, deletion or other utilisation (hereinafter referred to as ‘processing’) of data serves exclusively to provide our services. Our services have been designed with the aim of using as little personal data as possible. In this context, ‘personal data’ (hereinafter also referred to as ‘data’) refers to all individual details about personal or factual circumstances of an identified or identifiable natural person (so-called ‘data subject’).
The following information on data protection describes which types of personal data are processed when you visit our website, what happens to this personal data and how you can object to data processing if necessary.
1 General information on data processing on this website
1.1 Controller responsible
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is
Zentrum für Data-driven Empowerment, Leadership und Advocacy (zedela) gUG (haftungsbeschränkt)
Address: Großgörschenstraße 27, 10829 Berlin
E-mail: info@zedela.org
Homepage: https://www.zedela.org/
1.2 Data protection officer
The data protection officer is
Alexander Hönsch from WS Datenschutz GmbH
If you have any questions about data protection, you can contact WS Datenschutz GmbH at the following e-mail address: zedela@ws-datenschutz.de
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
https://webersohnundscholtz.de
1.3 Protection of your data
We have taken technical and organisational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers who work for us.
If we work with other companies, such as email and server providers, to provide our services, this is only done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in connection with technical and organisational skills in data protection. This selection process is documented in writing and a contract pursuant to Art. 28 para. 3 GDPR on the processing of personal data on behalf of the controller (data processing agreement) is only concluded if it fulfils the requirements of Art. 28 GDPR.
Your data is stored on specially protected servers. Access to it is only possible for a few specially authorised persons.
Our website is SSL/TLS encrypted, which you can recognise by the ‘https://’ at the beginning of the URL. If personal data is involved in email communication, emails are sent encrypted from our end. We also use the integrated SSL certificate for this.
1.4 Deletion of personal data
We only process personal data for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and erased in accordance with the standards of the erasure concept here, unless statutory provisions prevent erasure.
2 Newsletter
2.1 Description and scope of data processing
We offer the option of subscribing to our newsletter on our website. When subscribing to the newsletter, you will be asked to provide personal data for processing. This is the data that is requested in the newsletter input mask. Input fields marked with an ‘*’ are mandatory:
First name
Surname
e-mail address
These mandatory fields are required in order to send you the newsletter.
The newsletter is sent by e-mail. You will only receive the newsletter after registering for it. In order to fulfil the requirements of the GDPR, we use the so-called DOI procedure (‘double opt-in’). If you register for our newsletter, you will receive a confirmation e-mail to the electronic mailbox specified in the input field. This e-mail contains a confirmation link that you must click on. After this process, you have successfully registered for the newsletter. The IP address, date and time of registration are stored in order to carry out the procedure. This is to prevent misuse. The data will not be passed on to third parties.
2.2 Legal basis for data processing
The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR.
2.3 Purpose of the data processing
The purpose of the newsletter is to inform you about news from us at regular intervals.
2.4 Duration of data storage
We only process your data for as long as this is necessary to fulfil the purpose and no legal or official retention obligations prevent deletion.
2.5 Possibility of cancellation by the data subject
Consent to the processing of personal data as part of the newsletter subscription can be withdrawn at any time. To do this, you can click on the unsubscribe link integrated in every newsletter or inform us of the withdrawal of consent in another way.
2.6 Dispatch service provider Brevo
2.6.1 Description and scope of data processing
The newsletter is sent via ‘Brevo’, an online marketing platform. The data processing is carried out by Sendinblue GmbH (‘Brevo’), Köpenicker Straße 126, 10179 Berlin, Germany.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Brevo’s servers in the EU. Brevo is a certified provider that has been selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act. Brevo processes the personal data on our behalf and in accordance with our instructions on the basis of an order processing contract concluded with the company in accordance with Art. 28 para. 3 GDPR.
Further information on data protection at Brevo can be found here
Privacy Policy - Protection of Personal Data | Brevo
2.6.2 Legal basis for data processing
Data processing by Brevo is based on a legitimate interest on our part in the effective and secure transmission of the newsletter to you, in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
2.6.3 Purpose of the data processing
We use Brevo as our mailing service provider to ensure effective address management and to stay in contact with you via the newsletter.
2.6.4 Duration of data storage
Brevo deletes personal data as soon as the purpose of the data processing has been achieved and no legal, contractual or official regulations prevent deletion. This is the case no later than 100 days after termination of the contract between us and Brevo
2.6.5 Possibility of cancellation by the data subject
You have the option to withdraw your consent at any time. To do so, please contact our data protection officer. You can also use the ‘opt-out’ link at the end of each email at any time, which will result in us deleting your email address from our address file, which is why Brevo will then no longer process your personal data. However, this has no effect on address files that Brevo manages on behalf of other clients.
3 Your rights
You have the following rights with regard to your personal data:
3.1 Right to withdraw consent (see Art. 7 GDPR)
If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the permissibility of processing your personal data for the future after you have given it to us. It can be made verbally (by telephone) or in writing by post or e-mail to us.
3.2 Right to information (see Art. 15 GDPR)
In the event of a request for information, you must provide sufficient information about your identity and provide proof that the information is yours. The information concerns the following information
- the purposes for which the personal data is processed
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
- the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- all available information about the origin of the data if the personal data is not collected from the data subject
- the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3.3 Right to rectification or erasure (see Art. 16, 17 GDPR)
You have a right to rectification and/or completion vis-à-vis us as the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
You can also request the erasure of personal data concerning you if one of the following reasons applies to you:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you has been processed unlawfully.
- The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Art. 17 (1) GDPR, we will take all reasonable steps to inform other data controllers that you have requested the erasure of all links to this personal data or of copies or replications of this personal data.
The right to erasure does not exist insofar as the processing is necessary
- For exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defence of legal claims
3.4 Right to restriction of processing (see Art. 18 GDPR)
You may request that we restrict the processing of your personal data under the following conditions
- if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
- if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
3.5 Right to information (see Art. 19 GDPR)
If you have asserted your right to rectification, erasure or restriction of data processing against us, we are obliged to notify all recipients of your personal data of the rectification, erasure or restriction of data processing. This only applies insofar as this notification does not prove to be impossible or would involve a disproportionate effort.
You have the right to know which recipients have received your data.
3.6 Right to data portability (see Art. 20 GDPR)
You have the right to receive your personal data from us in a commonly used, machine-readable format in order to have it transmitted to another controller, provided that
- the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR and
- the processing is carried out by automated means.
When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly by us to another controller, insofar as this is technically feasible.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
3.7 Right to object to processing (see Art. 21 GDPR)
If we base the processing of your personal data on a legitimate interest (pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR) on our part, you can object to the processing. The same applies if we base the data processing on Art. 6 para. 1 sentence 1 lit. e) GDPR.
When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.
3.8 Right to lodge a complaint with the competent supervisory authority (see Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
4 How to exercise these rights
To exercise these rights, please contact our data protection officer:
Alexander Hönsch from WS Datenschutz GmbH
or by post:
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
5 Subject to change
We reserve the right to amend this privacy policy in compliance with the statutory provisions.
Status November 2023