I. Name and Address of the Controller
The controller in the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other provisions of data protection law is:
Initiative Women into Leadership e.V.
Germany phone: +49 151 27 252 653
II. General Information on Data Processing
1. Scope of Processing of Personal Data
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by statutory provisions.
2. Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis. Art. 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our organization is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our organization or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
3. Data Erasure and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. The data may be stored for a longer period if the European or national legislator has provided for a respective storage provision in regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless the further storage of the data is necessary for the conclusion or performance of a contract.
III. Provision of the Website and Creation of Log FilesEach time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The access logs of the web servers record which page accesses took place at which time. This includes the following data: IP address, directory protection user, date, time, pages viewed, protocols, status code, data volume, referrer, user agent and hostname viewed. The IP addresses are stored anonymously. For this purpose, the last three digits are removed. IPv6 addresses are also anonymized. The anonymized IP addresses are stored for 60 days. Details of the directory protection user used are anonymized after one day. Error logs, which log incorrect page views, are deleted after seven days. In addition to the error messages, these logs also contain the IP address accessing the site and, depending on the error, the website accessed. Accesses via FTP are logged anonymously and stored for 60 days. The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no opportunity to object on the part of the user.
We also use the Statify plug-in on this website to create statistics. Unlike other statistics services, Statify does not process or store any personal data such as IP addresses. The Statify plug-in counts page views but not visitors. These are transferred to a database table created locally in WordPress, containing only the ID, the date, the source and the destination. All data will be deleted automatically after four weeks.
VI. Google Fonts
VIII. Contact Form
A contact form is available on our website, which can be used for electronic contact. If a user uses this option, the following data entered in the input mask will be submitted to us and stored: salutation; first name; last name; e-mail address. Optional data provided by you can also be saved. These are, for example, comments. The data will not be passed on to third parties in this context. The data are used exclusively for the processing of the conversation. If you send us further contact addresses, you also agree that we may also contact you via this communication channel in order to answer your request. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. The additional personal data collected during the sending process are deleted at the latest after a period of seven days. The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his / her consent. The legal basis for the processing of data submitted by e-mail is Art. 6 (1) (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. The user has the possibility at any time to revoke his / her consent to the processing of personal data by sending a message to firstname.lastname@example.org. If the user contacts us by e-mail, he / she can object to the storage of his / her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
IX. Rights of the Data Subject
If personal data about you are processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights towards the controller:
1. Right to Acces
You may request confirmation from the controller as to whether personal data concerning you will be processed by us. In the event of such processing, you may ask the data controller to provide you with the following information: (1) the purposes for which the personal data will be processed; (2) the categories of personal data to be processed; (3) the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed; (4) the planned duration of the retention of the personal data concerning you or, if it is not possible to provide specific information, criteria for determining the retention period; (5) the existence of a right to rectify or delete the personal data concerning you, a right to restrict the processing by the controller or a right to object to such processing; (6) the existence of a right to lodge a complaint with the supervisory authority; (7) all available information on the origin of the data if the personal data are not collected from the data subject; (8) the existence of an automated decision making process including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and desired effects of such processing for the data subject. You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to Rectification
You have the right to have your personal data rectified and/or completed by the controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must rectify the data without delay.
3. Right to Restriction
Under the following conditions, you may request that the processing of your personal data be restricted: (1) if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data; (2) if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (3) if the controller no longer requires the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims, or (4) if you object to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons. If the processing of the personal data concerning you has been restricted, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction on processing has been lifted in accordance with the above conditions, you shall be informed by the controller before the restriction is lifted.
4. Right to Erasure
- a) Obligation to Delete
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete these data immediately if one of the following conditions applies: (1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed. (2) You revoke your consent on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR was based and there is no other legal basis for the processing. (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 (2) GDPR. (4) The personal data relating to you have been processed unlawfully. (5) The deletion of the personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data relating to you have been collected in relation to services offered by the information society pursuant to Art. 8 (1) GDPR.
- b) Information to Third Parties
If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, the controller shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform those responsible for data processing that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
- c) Exceptions
The right to erasure shall not exist in so far as processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) for the performance of a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR; (4) for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the law referred to under a) presumably makes the realization of the objectives of such processing impossible or seriously impairs it, or (5) for the establishment, exercise or defense of legal claims.
5. Right to be Informed
If you have exercised your right to rectify, erasure or restrict the processing of your personal data against the data controller, the data controller is obliged to inform all recipients, to whom the personal data concerning you have been disclosed, of this rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller.
6. Right to Portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller for the processing of your personal data without any hindrance on the part of the controller, provided that (1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and (2) the processing is carried out using automated procedures. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this transfer. The right to data transfer does not apply to the processing of personal data necessary for the performance of an obligation carried out in the public interest or in the exercise of public authority vested in the controller.
7. Right to Object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you, unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right to object in connection with the use of Information Society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.
8. Right to Revoke Consent
You have the right to revoke your declaration of consent for processing data at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
9. Right to Lodge a Complaint to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you are of the opinion that the processing of your personal data is in breach of the GDPR. The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.