Privacy Policy

Responsible for this website:

I.K.Z. Hidaje e.V. Gärtnerstrasse 41 80992 Munich Email: info@hidaje.de

No data protection officer has been appointed as this is not legally required.

When accessing content on the website, data that may allow identification is temporarily stored. The following data is collected:

- Date and time of access - IP address - Hostname of the accessing computer - Website from which the website was accessed (referrer) - Websites accessed through the website - Page visited on our website - Message whether the retrieval was successful (HTTP status code) - Amount of data transferred - Information about browser type and version used - Operating system

This data is processed by our hosting provider, Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA, on our behalf (data processing). The data transfer to the USA is based on Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

The temporary storage of data is necessary for the operation of a website visit to enable delivery of the website. Further storage in log files is carried out to ensure the functionality of the website and the security of the information technology systems. These purposes also constitute our legitimate interest in data processing.

The data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest).

The website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel receives the above-mentioned data as a data processor.

The log files are kept directly accessible by Vercel for a maximum of 24 hours. After that, they are only available indirectly through the reconstruction of backup tapes and are permanently deleted after a maximum of 30 days. Aggregated, non-personal data may be stored longer.

In addition to the above data, we process the following data when you make a donation:

- Full name - Email address - Donation amount - Donation date - Payment method (e.g., credit card, PayPal) - Message (if provided by donor) - Information whether the donation should be anonymous - Stripe Session ID

This data is processed for handling the donation and fulfilling our legal obligations (e.g., tax retention obligations). The legal basis for this is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (compliance with a legal obligation).

Payment processing is handled through our payment service provider Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Data transfer to the USA is based on Standard Contractual Clauses.

Donation data is stored for the duration of statutory retention periods (10 years according to § 147 of the German Fiscal Code).

a. Right of Access You can request information according to Art. 15 GDPR about your personal data that we process.

b. Right to Object: You have a right to object based on grounds relating to your particular situation (see under point II).

c. Right to Rectification If the information concerning you is no longer accurate, you can request rectification according to Art. 16 GDPR. If your data is incomplete, you can request completion.

d. Right to Erasure You can request the erasure of your personal data according to Art. 17 GDPR.

e. Right to Restriction of Processing You have the right according to Art. 18 GDPR to request restriction of the processing of your personal data.

f. Right to Lodge a Complaint If you believe that the processing of your personal data violates data protection law, you have the right according to Art. 77(1) GDPR to lodge a complaint with a supervisory authority of your choice. This includes the supervisory authority responsible for the controller:

Bavarian State Office for Data Protection Supervision (BayLDA) Promenade 18 91522 Ansbach https://www.lda.bayern.de/

g. Right to Data Portability If the requirements of Art. 20(1) GDPR are met, you have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, to yourself or to third parties. The collection of data for the provision of the website and the storage of log files is essential for the operation of the website. Therefore, they are not based on consent according to Art. 6(1)(a) GDPR or on a contract according to Art. 6(1)(b) GDPR, but are justified according to Art. 6(1)(f) GDPR. The requirements of Art. 20(1) GDPR are therefore not met in this respect. In the case of donation processing, a right to data portability exists.

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system.

We exclusively use one *technically necessary* session cookie to enable administrators to log in to the backend. This cookie contains no personal data except for a session ID and is automatically deleted when the browser is closed. As this cookie is necessary for the basic functionality of the website (administration), no separate consent is required.

This privacy policy is updated as needed to adapt it to legal or technical changes.