321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V.

We are delighted by your interest in our society. Data protection is of the utmost importance to the management of 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. It is generally possible to use the web pages of 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. without providing any personal data. Should a data subject want to take advantage of special services of our society on our website, it may become necessary to process personal data. When the processing of personal data is necessary and there is no legal basis to do so, we seek the consent of the data subject. 

We process personal data such as the name, postal address, email address, or telephone number of a data subject in accordance with the General Data Protection Regulation (GDPR) as well as in compliance with the national regulations to which 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. is subject. The aim of this Privacy Policy is to inform the public of the type, extent, and purpose of the personal data that our society collects, uses, and processes. Further, this Privacy Policy will inform the data subject of their rights. 

As the data controller, 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. has implemented numerous technical and organizational measures to ensure the best possible protection of the personal data we collect via this website. Despite these security measures, web-based data transmission is always subject to some degree of vulnerability. Therefore, absolute protection cannot be guaranteed. For this reason, each data subject also has recourse to alternative methods of providing us with their personal data, such as via the telephone. 

1. Definition

The Privacy Policy of 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. is based on the definitions used by the European body that issued the General Data Protection Regulation (GDPR) upon its enactment. We intend our Privacy Policy to be easy to read and understandable both to the public as well as our customers and business partners. In order to ensure this, we wish to first clarify the terms used here. 

This Privacy Policy uses the following terms, among others: 

a)    Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

b)   Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller. 

c)    Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. 

d)    Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future. 

e)    Profiling 

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. 

f)     Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. 

g)    Data controller

The data controller means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by EU or Member State law. 

h)    Processor

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller. 

i)      Recipient 

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the course of a particular inquiry in accordance with EU or Member State law shall not be regarded as recipients. 

j)      Third Party

Third party means a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons who, under the direct authority of the data controller or processor, are authorized to process personal data. 

k)    Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them. 

2. Name and address of the data controller

The data controller within the meaning of the GDPR, other applicable data regulations in EU Member States and other provisions of a data protection character is: 

321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. 

c/o Synagogen-Gemeinde Köln, Ottostraße 85 

50823 Cologne

Germany

Phone: +49 221 968828 – 20 

E-Mail: info@2021JLID.de 

Website: www.2021JLID.de 

3. Cookies 

The web pages of 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. use cookies. Cookies are text files that your browser automatically creates and stores on your device. 

The use of cookies is standard on many websites and servers. Many cookies contain a so-called ID. A cookie ID is a unique identifier of a given cookie. It consists of a character string through which websites and servers can be assigned to the specific Internet browser where the cookie was stored. This makes it possible for websites and servers to distinguish the individual browser of a data subject from other Internet browsers that contain different cookies. A given Internet browser can be recognized and identified by a unique cookie ID. 

By using cookies, 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. can provide users of its website with more user-friendly services that would not be possible without the use of cookies. 

The use of cookies allows us to optimize the information and offers on our website to the benefit of the user. Cookies also allow us, as already mentioned, to recognize users that have already visited our website. Such recognition aims to make our website more user-friendly. For example, users of a website that uses cookies need not re-enter their credentials each time they visit the website, as this is done by the website and the cookie stored on the user’s device. Another example is a shopping cart cookie in an online shop. The online shop remembers the articles that a customer has placed in their virtual shopping cart by means of a cookie. 

The data subject can prevent the use of cookies through our website at any time by means of a corresponding setting in their Internet browser to permanently reject the use of cookies. The data subject can also delete any cookies at any time using their Internet browser or other software. The deletion of cookies is possible in all common web browsers. Deactivating cookies in your Internet browser may render some functions of our website unusable. 

4. Collecting general data and information

The website of 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server’s log files. Data subject to collection includes (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-web pages which are used by an accessing system on our website (5), the date and time of website access, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used in the event of attacks on our information technology systems.

321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. does not draw any conclusions about the data subject when using this general data. Instead, such information is required to (1) correctly deliver the content of our website, (2) to optimize the content as well as the advertisements of our website, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. To this end, 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. statistically evaluates such anonymously collected data and information with the further aim of increasing data protection and data security in our society in order to ultimately ensure the best possible level of protection for the personal data we process. The anonymous data of the server’s log files is stored separately from all personal data provided by a data subject. 

5. Subscription to our newsletter

On the 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. website, users have the opportunity to subscribe to our society’s newsletter. The personal data transmitted to the data controller through subscription to our newsletter depends on the input interface used for this purpose. 

321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. sends out a regular newsletter to inform our customers and business partners about our society’s offers. In principle, our society’s newsletter can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject subscribes to our newsletter. For legal reasons, a confirmation email will be sent to the email address registered by a data subject upon subscription in a double opt-in procedure. This confirmation email serves to verify whether the owner of the email address is the data subject who authorized receipt of the newsletter. 

Upon subscription, we also store the IP address assigned by the Internet service provider (ISP) of the device used by the data subject at the time of subscription as well as the date and time of subscription. Collection of such data is necessary in order to understand the (potential) misuse of a data subject’s email address at a later date and therefore serves as a legal safeguard for the data controller. 

Personal data collected through subscription to our newsletter will only be used to send our newsletter. In addition, subscribers may be notified by email when necessary for the operation of the subscription, as might be the case in the event of changes to the newsletter or changes of a technical nature. In principle, data collected through subscription to our newsletter is not shared with third parties. The data subject may cancel their subscription to our newsletter at any time. The data subject may also at any time revoke consent to the storage of personal data that was given us for sending the newsletter. Each newsletter contains a corresponding link for the purpose of revoking this consent. Furthermore, it is also possible to unsubscribe from the newsletter at any time directly on the website of the data controller or to inform us of this wish in a different way.

6. Newsletter-Tracking 

The newsletter of 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails sent in HTML format that enables the capture and analysis of log files. This method allows us to statistically evaluate the success or failure of our online marketing campaigns. Using these embedded tracking pixels, 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. can determine if and when a data subject opened an email and which links contained in the email the data subject accessed. 

The data controller stores and evaluates such personal data collected via tracking pixels contained in our newsletters in order to optimize delivery of the newsletter and to further adapt the content of future newsletters to the interests of the data subject. This personal data will not be shared with third parties. A data subject is entitled to revoke the separate declaration of consent made via the double opt-in procedure at any time. After revocation, this personal data is erased by the data controller. 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. will automatically interpret unsubscribing from the newsletter as a revocation of this declaration of consent. 

7. Contact via our website

Due to legal regulations, the website of 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. contains information, including an email address, that allows you to electronically contact our society quickly and to communicate with us directly. If a data subject contacts the data controller by email or using a contact form, the personal data provided by the data subject will be automatically saved. Such data provided voluntarily by the data subject to the data controller is saved for processing purposes or for contacting the data subject. Such data will not be shared with third parties. 

8. Routine erasure and blocking of personal data

The data controller processes and stores the data subject’s personal data only for the period necessary to achieve the storage purpose or, as the case may be, where stipulated by the European directives and regulations or by any other legislator in laws or regulations to which the data controller is subject. 

9. Rights of the data subject

a)    Right to confirmation

The data subject has the right to obtain from the data controller confirmation as to whether or not their personal data is being processed. The data subject can contact a staff member of the data controller at any time to exercise this right of confirmation. 

b)    Right of access

The data subject has the to demand access of the data controller to their stored personal data and to receive a copy of such data at any time and free of charge. In addition, the data subject has the right to access the following information: 

  • The purposes of the processing 
  • The categories of personal data concerned 
  • The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations 
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period 
  • The existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing 
  • The existence of a right to lodge a complaint with a supervisory authority 
  • In cases where the personal data is not collected from the data subject: Any available information as to its source 
  • The existence of automated decision-making, including profiling, referred to in GDPR Article 22 Para. 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject 

The data subject also has right to access information as to whether their personal data is being shared with a third country or an international organization. If this is the case, the data subject also has the right to receive suitable safeguards in connection with such transfer.  

The data subject can contact a staff member of the data controller at any time to exercise this right of access. 

c)    Right to rectification

The data subject has the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. 

The data subject can contact a staff member of the data controller at any time to exercise this right to rectification. 

d)  Right to erasure (“right to be forgotten”)

The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies: 

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to GDPR Article 6 Para. 1 (a), or Article 9 Para. 2(a), and where there is no other legal ground for the processing. 
  • The data subject objects to the processing pursuant to GDPR Article 21 Para. 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 Para. 2. 
  • The personal data has been unlawfully processed. 
  • The personal data has to be erased for compliance with a legal obligation in EU or Member State law to which the data controller is subject. 
  • The personal data has been collected in relation to the offer of information society services referred to in GDPR Article 8 Para. 1. 

In cases where one of the above grounds applies and a data subject wishes to have their personal data stored with 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. erased, the data subject can contact a staff member of the data controller at any time. The 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. staff member contacted will ensure that the personal data in question is erased without delay. 

If personal data has been made public by 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. and if our society as data controller pursuant to GDPR Article 17 Para. 1 is obligated to erase such personal data, 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. will undertake appropriate measures (including technical measures) in light of available technology and the costs of implementation to inform other data controllers who are processing the publicized personal data that the data subject in question has requested that these third party data controllers erase all links to their personal data as well as any and all copies or replications of their personal data where processing is not required. The contacted staff member from 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. will ensure that proper steps are taken in every case. 

e)    Right to restriction of processing 

The data subject has the right to obtain from the data controller restriction of processing where one of the following applies: 

  • The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data. 
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead. 
  • The data controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims. 
  • The data subject has objected to processing pursuant to GDPR Article 21(1) pending the verification whether the legitimate grounds of the data controller override those of the data subject. 

Where one of the above requirements applies and a data subject wishes to have their personal data stored with 321- 2021: 1700 Jahre jüdisches Leben in Deutschland e.V. restricted, the data subject can contact a staff member of the data controller at any time. The contacted staff member from 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. will ensure that processing is restricted. 

f)     Right of data portability

The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the data controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 Para. 1 (a) of the GDPR, or Article 9 Para. 2 (a) or on a contract pursuant to Article 6 Para. 1 (b) of the GDPR, and the processing is carried out by automated means. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. 

In exercising their right to data portability pursuant to GDPR Article 20 Para. 1, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible, and only if this right does not adversely affect the rights and freedoms of others. 

The data subject may contact a 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. staff member at any time to exercise their right to data portability. 

g)    Right to object

The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which pursuant to GDPR Article 6 Para. 1 (e) or (f), including profiling based on those provisions. 

In case of objection, 321-2021: 1700 Jahre jüdisches Leben in Deutschland e.V. will cease to process the personal data except in cases where we can provide compelling and legitimate reasons for the processing that outweigh the data subject’s rights and freedoms or where the processing serves the establishment, exercise, or defense of legal claims. 

If 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Should the data subject object to processing for direct marketing purposes by 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V., our society will no longer process the personal data for such purposes. 

If personal data is processed for scientific or historical research purposes or statistical purposes pursuant to GDPR Article 89 Para. 1, on grounds relating to their particular situation, the data subject also has the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest. 

The data subject may contact any 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. staff member at any time to exercise their right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject also may exercise their right to object by automated means using technical specifications. 

h)   Automated individual decision-making, including profiling

Based on European Union directives and guidelines, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This applies if the decision (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; (b) is authorized by EU or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (c) is based on the data subject’s explicit consent. 

If the decision (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; or (b) is based on the data subject’s explicit consent, 321–2021: 1700 Jahre jüdisches Leben in Deutschland e.V. will implement suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express their point of view and to contest the decision. 

The data subject can contact a staff member of the data controller at any time to exercise this right to automated decision-making. 

i)      Right to withdraw consent 

The data subject has the right to withdraw their consent to the processing of their personal data at any time. 
The data subject can contact a staff member of the data controller at any time to exercise this right to withdraw consent. 

10. Applications and the application process

The data controller collects and processes the personal data of applicants for the purpose of the application process. Processing may also be done electronically. This is particularly the case where an applicant submits application documents to the data controller by electronic means, for example, by email or via an online form on our website. If the data controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the statutory provisions. If the controller does not conclude a contract of employment with the candidate, the application documents will be automatically deleted two months after the rejection has been made known, unless erasure precludes other legitimate interests of the data controller. Other legitimate interests in this sense may be, for example, a burden of proof in a procedure under the German General Equal Treatment Act (AGG). 

11. Legal basis for processing

GDPR Article 6 I (a) serves as the legal basis for processing operations in our society for which we collect consent for a specific processing purpose. Where processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case e.g. during processing operations that are required for delivery of goods or rendering of any other service or compensation, processing shall be based on GDPR Article 6 I (b). The same applies to such processing operations that are required in order to take steps prior to entering into a contract, e.g. in cases of queries concerning our products and services. Where our society is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on GDPR Article 6 I (c). In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. In that case, the processing would be based on GDPR Article 6 I (d). Processing operations could ultimately be based on GDPR Article 6 I (f). This legal basis is provided when processing operations are not covered by any of the above legal bases, when processing is necessary to safeguard the legitimate interests of our society or a third party unless the interests, fundamental rights, and fundamental freedoms of the data subject prevail. Such processing operations are allowed to us particularly as they have been specifically mentioned in European Union directives. In that regard, it is considered that a legitimate interest could be assumed if the data subject is a customer of the data controller (GDPR Reasons for consideration 47, sentence 2). 

12. Legitimate interests in processing pursued by the data controller or a third data

Where the processing of personal data is based on GDPR Article 6 I (f), our legitimate interest is in conducting our business for the benefit of all of our employees and shareholders. 

13. Duration of storage for personal data

The criterion for the duration of storage for personal data is the individually legislated storage period. After this period, affected data is routinely erased except where it is required for contract fulfillment or initiation. 

14. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of contracts; obligation of the data subject to provide personal data; possible consequences of non-provision     

We hereby clarify that the provision of personal information is in part required by law (such as tax regulations) or may also result from contractual arrangements (such as details of the contractor). Occasionally it may be necessary in concluding a contract that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when our society concludes a contract with them. Failure to provide the personal data could mean that the contract with the data subject cannot be concluded. Before providing the personal data, the data subject must contact a member of our staff. Our staff member will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, is required for the conclusion of the contract, or if there is a legal obligation to provide the personal data and what the consequence of failure to provide the personal data would be. 

15. Existence of automated decision-making

As a responsible society, we refrain from automatic decision-making. 

This Privacy Policy was written using the Privacy Policy Generator provided by DGD Deutsche Gesellschaft für Datenschutz GmbH which is active as an  Externer Datenschutzbeauftragter Bayern in cooperation with  Datenschutz Anwalt Christian Solmecke.