Privacy Protection Statement

Preliminary remark:

This is to inform you about the use of data by Social Impact gGmbH (hereinafter referred to as “Social Impact”). This privacy statement provides information about the type, extent and purpose of the processing of personal data within our on-line services and the sites, functionalities and contents as well as external on-line presences (e.g. social medial profiles of Social Impact). As regards the terms used reference is made to the definitions in Art. 4, General Data Protection Regulation (GDPR).

Social Impact collects, processes and uses (personal) data so you can use the information, offers and services. By consenting to this privacy statement you agree to the collection, processing and use of your (personal data) in accordance with the following provisions and in compliance with data protection law. We only use a user’s personal data in compliance with the respective data protection regulations and in accordance with the principle of data economy and data avoidance. This means that your data will only be processed on the basis of a legal permission (if data are required / mandatory for the purpose of our contractual services or another service) or if a corresponding consent was given.

Personal data are individual details on facts or personal situations of an identified or identifiable natural person. When visiting our site data collected but not directly linked to your person are no personal data.

You may withdraw your consent with future effect at any time and/or object to a future use of your data unless both the processing and use of such data are needed for the purpose of the performance of a contract. As for the rest, Social Impact erases all data after expiration of statutory storage periods, if you have asserted a claim for erasure or if a storage is no longer required in order to achieve the originally intended (contractual) purpose.

Pursuant to Art. 13, GDPR, we will inform you about the legal bases of our processing of data. If a legal basis is not referred to in the privacy statement, the following shall apply: Legal basis for obtaining consents shall be Art. 6, para. 1, GDPR.

Your personal data are encrypted prior to a transmittal. We use SSL (secure socket layer). Social Impact also ensures that technical and organization measures are taken to provide max. protection from an unauthorized access, alteration or dissemination of data.

1. Controller and data protection commissioner

Controller in charge of the collection, processing and use of your personal data in terms of the German Federal Data Protection Law and the General Data Protection Regulation is Social Impact gGmbH, Schiffbauergasse 7, 14467 Potsdam, Federal Republic of Germany, represented by the directors Norbert Kunz or Gabriela Spangenberg.

Mr. Olaf Schulz is our data protection commissioner.

The data protection commissioner of Social Impact gGmbH may be contacted at Social Impact gGmbH, Oraniendamm 11, 13469 Berlin, and/or by e-mail (schulz@socialimpact.eu) or at +49 (0)30 20 89 87 615.

2. Collection, storage and use of personal data 

a) Provision of our statutory and business services

We process the data of our supporters, interested persons, customers and other persons in compliance with Art. 6, para. 1 b, GDPR, provided that we provide contractual services to you or perform activities within the scope of our business relationship or if we receive services or benefits. As for the rest, we process data of persons concerned pursuant to Art. 6 para. 1 f, GDPR, on the basis of our legitimate interests, e.g. administrative tasks or public relations. Data processed in this respect, the type, extent and purpose as well as the necessity of processing are based on the underlying contractual relationship. This includes inventory data and key data of persons such as name, address, etc, as well as contact data (e.g. e-mail address) and relevant project data (if any) (e.g. project content and information). We will erase data that are no longer needed for our statutory and commercial purposes. Such erasure is based on the respective tasks and contractual relationship. In case of a commercial processing we will store data as long as they are needed for a transaction and with a view to possible warranty and liability obligations. The data storage necessity is checked in intervals of three years. As for the rest the respective statutory storage periods apply 

b) Visiting the site

When visiting our site socialimpact.eu the browser you are using automatically transmits information to the server of our site. Such information are stored temporarily in a so-called log file. The following information are stored until automatic erasure without any action on your part:

  • IP of requesting computer
  • date and time of access
  • name and URL of retrieved file
  • site from which our site is accessed (referrer URL)
  • browser used and operating system of your computer and name of your access provider

Aforementioned data are processed by us for the following purposes:

  • ensuring a smooth connection to the site
  • ensuring a comfortable use of our site
  • use of services provided
  • assessment of system security and stability
  • additional administrative purposes

Legal basis for data processing: Art. 6, para. 1 f, GDPR. Our legitimate interest results from the listed purposes of data processing. In no event the data collected will be used for the purpose of drawing conclusions about your person. 

c) Registration for our newsletter

If you have given your explicit consent pursuant to Art. 6, para. 1 a, GDPR, we will use your e-mail address for the purpose of sending you our newsletter in regular intervals. To receive the newsletter we only need your e-mail address.

Registration for our newsletter is based on the so-called opt-out method, i.e. after registration you will receive an e-mail in which you are requested to confirm your registration. Such confirmation is needed to prevent any other person from registering by using another person’s e-mail address. Newsletter registrations are logged in order to produce evidence of the registration procedure as provided for by law. This includes the storage of time of registration and confirmation and the IP address. Changes to your data stored by the dispatch provider will be logged as well.

You may sign off at any time e.g. by using a link at the end of each newsletter. Alternatively, you may send a corresponding e-mail to newsletter@socialimpact.eu 

The newsletter is dispatched using “MailChimp” a newsletter dispatch platform by Rocket Science Group, LLC, 675 Ponce de Leon Ave NE #5000, Atlanta, GA 30308, USA. The newsletter dispatch company’s data protection regulations can be accessed as follows: mailchimp.com/legal/privacy/. Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield thus ensuring compliance with the European data protection standard

(https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The dispatch service provider is used on the basis of our legitimate interests pursuant to Art. 6, para. 1 f, GDPR, and an order processing contract pursuant to Art. 28, para. 3, sentence 1, GDPR.

The dispatch service provider may use pseudonymised recipient data, i.e. data that cannot be assigned to a user. The dispatch service provider may use these data for the purpose of optimizing its own services, e.g. in order to technically optimize its own dispatch and the design of the newsletter or for statistical purposes. The dispatch service provider does not use our newsletter recipient data in order to contact users and/or to disclose such data to third parties.

d) Using our contact form

In case of questions you may contact us, using the contact form on our site. A valid e-mail address will be required so we know the requesting party’s identity and in order to reply to a request. Additional information may be provided voluntarily.

Data processing for the purpose of establishing a contact is based on Art. 6, para. 1 a, b, GDPR,  your voluntary consent or your request. 

Personal data collected by us in connection with the use of the contact form will be deleted automatically after your inquiry is settled.

e) Polls, tenders & applications

From time to time Social Impact uses the site to conduct polls and tenders, and you can apply on-line for a job. Unless otherwise provided for your personal data transmitted in connection with a participation in such polls, tenders or applications are solely collected, processed and used to the extent needed for such poll, tender or application. Such data are processed for the purpose of fulfilling our (pre-)contractual obligations in the course of an application, tender or poll (Art. 6, para. 1 b, GDPR).

Corresponding forms are generated using Wufoo, a service provided by SurveyMonkey Inc., 101 Lytton Avenue, Palo Alto, CA 94301, USA. We concluded corresponding agreements to ensure that Wufoo will use and process your data solely as commissioned and directed by us. Wufoo will neither sell your data nor disclose them to third parties. For further details see the privacy statement of Wufoo (https://de.surveymonkey.com/mp/legal/privacy-policy/.

f) Google Analytics

Based on Art. 6, para. 1 f, GDPR, we use Google Analytics for the purpose of an appropriate design and continuous optimization of our sites. Google Analytics is a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – hereinafter referred to as “Google”). In this respect pseudonymised user profiles are created and cookies are used. Information about your use of this site generated by the cookie such as 

  • browser type and version
  • operating system used
  • referrer URL (previously visited site)
  • host name of accessing computer (IP address)
  • time of server request

are transmitted to a Google server located in the USA and stored there. These information are used in order to analyse the use of the site, to compile reports on site activities and to provide other services related to the use of the site and the Internet for the purpose of market research and an appropriate design of these sites. These information may be disclosed to third parties if provided for by law or if third parties provide order commissioning services. In no event your IP address is merged with other Google data. IP addresses are anonymized to prevent an assignment (IP masking).

You may prevent an installation of cookies by configuring your browser software correspondingly. It is pointed out that in such case not all functionalities of this site can be used in full.

You may also prevent a collection of data generated by the cookie and referring to the use of the site (incl. your IP address) as well as the processing of these data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

For further information about data protection in connection with Google Analytics see Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de). 

g) Social media and YouTube plug ins

Based on Art. 6, para. 1 f, GDPR, our site uses social plug ins of Facebook, Twitter and Instagram in order to popularize Social Impact even more. The underlying marketing purpose constitutes a legitimate interest in terms of the GDPR. Responsibility for an operation in conformity with data protection shall be ensured by the respective provider. These plug ins are integrated by way of the so-called double click method in order to protect visitors of our site in the best possible way. 

aa) Facebook 

Our site uses social media plug ins of Facebook in order to personalize its use even more. We use the “LIKE” or “SHARE” button. It is a service provided by Facebook.

If you visit a page of our site containing such a plug in, your browser will directly connect to the Facebook servers. The content of the plug in is directly transmitted to your browser integrating it into the site.

By integrating the plug in Facebook will know that your browser accessed the respective page of our site even if you do not have a Facebook account or if you are not logged in to Facebook. Your browser directly transmits this information (including your IP address) to a Facebook server located in the USA and it will be stored there.

If you are logged in to Facebook, Facebook can directly assign the visit to our site to your Facebook account. If you interact with the plug ins (e.g. by clicking the “LIKE” or “SHARE” button), the corresponding information will be transmitted directly to a Facebook server and stored there. Such information will also be published on Facebook and shown to your Facebook friends.

Facebook may use such information for marketing, market research and an appropriate design of Facebook pages. In this respect Facebook creates profiles regarding usage, interests and relationships, e.g. for the purpose of analyzing your use of our site with a view to the advertisements displayed on Facebook, informing other Facebook users about your activities on our site and providing other services related to the use of Facebook.

If you do not want Facebook to assign data on our site to your Facebook account, you have to log out of Facebook prior to visiting our site.

As regards purpose and extent of data collection and the further processing and use of data by Facebook and your respective rights and settings protecting your privacy reference is made to the privacy statement of Facebook (https://www.facebook.com/about/privacy/).

bb) Twitter 

Plug ins of the short message service network of Twitter Inc. (Twitter) are integrated into our sites. The Twitter plug ins (tweet buttons) can be identified by the Twitter logo on our site. Overview of tweet buttons: about.twitter.com/resources/buttons).

If you visit a page of our site containing such plug in, your browser will directly connect to the Twitter servers. This way Twitter will know that you visited our site, using your IP address). If you click the tweet button whilst logged in to your Twitter account you can link the contents of our pages to your Twitter profile. This way Twitter may assign your visit to our site to your user account. It is pointed out that we being the provider of the pages do not know the contents of the data transmitted to and used by Twitter.

If you do not want Twitter to assign a visit to our site, please log out of your Twitter user account.

 For further details see the privacy statement of Twitter (https://twitter.com/privacy).

cc) Instagram

Our site also uses so-called social plug ins of Instagram operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter referred to as “Instagram”). These plug ins are marked with an Instagram logo (e.g. Instagram camera).

If you visit a page of our site containing such a plug in, your browser will directly connect to the Instagram servers. The content of the plug in is directly transmitted to your browser integrating it into the site. By integrating the plug in Instagram will know that your browser accessed the respective page of our site even if you do not have an Instagram account or if you are not logged in to Instagram. Your browser directly transmits this information (including your IP address) to an Instagram server located in the USA and it will be stored there. If you are logged in to Instagram, Instagram can directly assign the visit to our site to your Instagram account. If you interact with the plug ins (e.g. by clicking the “Instagram” button), the corresponding information will be transmitted directly to an Instagram server and stored there.

Such information will also be published on your Instagram account and shown to your contacts.

If you do not want Instagram to assign data on our site to your Instagram account, you have to log out of Instagram prior to visiting our site.

For further details see the privacy statement of Instagram (https://help.instagram.com/155833707900388).

dd) YouTube

Our site uses plug ins of YouTube operated by Google. Site operator: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit a page of our site that includes the YouTube plug in, there will be a direct connection with the YouTube servers. This way YouTube will know that you visited our site. If you are logged in to your YouTube account, YouTube will be able to directly assign your surfing pattern to your personal profile. You may prevent that by logging out of your YouTube account

The use of YouTube is in the interest of an adequate design of our on-line services. This constitutes a legitimate interest in terms of Art. 6, para. 1 f, GDP

For further details see the privacy statement of YouTube (https://www.google.de/intl/de/policies/privacy).

h) Use of web fonts

aa) Our site uses external fonts (Google Fonts). Google Fonts is a service provided by Google Inc. (“hereinafter referred to as “Google”. These web fonts are integrated by way of a server call (generally a Google server in the USA). This way a server knows which pages of our site you visited. The browser’s IP address of a visitor’s terminal will be stored by Google. For detailed information see the privacy statement of Google (https://policies.google.com/privacy?hl=de).

bb) Our site also uses Adobe Typekit Webfonts. Typekit is a service of Adobe providing fonts shown in a web browser after a server call in the USA. At least a user’s browser IP address will be stored by Adobe. For further details see the privacy statement of Typekit:

(https://www.adobe.com/de/privacy/policies/typekit.html).

3. Transfer of data

A transfer of data to third parties for purposes differing from those mentioned below is excluded.  

Your personal data will be transferred to third parties, if

  • you have given your explicit consent thereto pursuant to Art. 1, para. 1 a, GDPR,
  • a transfer is required for the purpose of establishing, exercising or defending legal claims pursuant to Ar. 6, para. 1 f, GDPR, and if there is no reason to believe that there is an overriding legitimate interest in a non-disclosure of your data on your part,
  • there is a legal obligation to transfer data (Art. 6, para. 1 c, GDPR),
  • this is legally permissible for the performance of contracts concluded with you (Art. 6, para. 1 b, GDPR).

4. Cookies

Our site uses cookies. Cookies are small files that are generated automatically by your browser and stored on your terminal (laptop, tablet, smart phone, etc.), when you visit our site. Cookies do not damage your terminal, they do not contain any viruses, Trojans or other malware. A cookie includes information related to the respective terminal. However, this does not mean that we know your identity.

Cookies are used to make the use of our services even more comfortable for you. We use so-called session cookies in order to see that you already visited pages of our site. After leaving our site they will be deleted automatically. We also use temporary cookies in order to optimize user-friendliness. These cookies are stored on your computer for a fixed period of time. If you re-visit our site in order to use our services we can see that you already visited us and we can see your entries and settings to avoid having to repeat them. We also use cookies for statistical purposes regarding the use of our site and for the purpose of analysis aiming at an optimization of our services. These cookies help us find out that when revisiting our site you already visited us. These cookies will be deleted automatically after a defined period of time.

Data processed by way of cookies are required for the aforementioned purposes in order to safeguard our legitimate interests and the legitimate interests of third parties pursuant to

Art. 6, para. 1 f, GDPR.

Most browsers accept cookies automatically. You may configure your browser in a way that no cookies will be stored on your computer or that a notice will appear when a cookie is generated. A deactivation of cookies could mean that not all functionalities of our site can be used. 

5. Rights of person concerned

You have the following rights:

  • You may demand a confirmation to see if data are processed and demand information about these data as well as additional information and a copy of such data (Art. 15, GDPR).
  • You may demand an immediate rectification of your incorrect personal data or a completion of your personal data stored by us (Art. 16, GDPR).
  • You may demand an erasure of personal data stored by us, unless the processing is required to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the purpose of establishing, exercising or defending legal claims (Art. 17, GDPR).
  • You may demand a restriction of the processing of your personal data, if you contest the accuracy of data, the processing is illegitimate but you refused an erasure and if we do no longer need these data but if you need them to establish, exercise or defend legal claims (Art. 18, GDPR), or if you have objected to the processing (Art. 21, GDPR).
  • You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format or to demand a transfer to another controller (Art. 20, GDPR).
  • You may withdraw a consent given at any time (Art. 7, para. 3, GDPR).
  • You have the right to lodge a complaint with a supervisory authority (Art. 77, GDPR). As a rule you may contact the supervisory authority at your usual place of residence or at our registered office.

 6. Right to object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6, para. 1 f, GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation or where personal data are processed for direct marketing purposes (Art. 21, GDPR). In the latter case you have a general right to object that will be implemented without referring to a particular situation.

If you want to exercise your right to withdraw or object, please send an e-mail to

kommunikation@socialimpact.eu.

7. Data security

During your visit to our site we use the widespread SSL (secure socket layer) method in combination with the highest encryption level supported by your browser. This generally means a 256-bit encryption. If your browser does not support a 256-bit encryption we will use the 128-bit v3 technology instead. If there is a locked key symbol and/or a lock in the lower status bar of your browser you can see that a page of our site is encrypted prior to transmittal.

We generally take suitable technical and organizational precautions to protect your data from accidental or intentional manipulation, partial or full loss, destruction or unauthorized access by third parties. Our safety precautions are continuously improved using state-of-the-art technology.

8. Protection of minors

Persons under the age of 18 should not transmit personal data to us without the consent given by their parents or legal guardians. We do not urge children and young people to transmit any data. We do not intentionally collect such data and we do not disclose them to third parties.

9. Validity and modification of this privacy statement

This privacy statement is currently valid (version: May 2018).

 

Due to the development of our site and related services or due to statutory or regulatory provisions it may be necessary to modify this privacy statement. The current version of this privacy statement can be found at https://socialimpact.eu/EN/privacy-protection and printed out.


Social Impact Lab Frankfurt ist eine gemeinsame Initiative der JPMorgan Chase Foundation,

der KfW Stiftung, der Beisheim Stiftung und der Social Impact gGmbH.