Privacy Policy www.liberties.eu

(Obligation to inform according to GDPR)

Table of contents

I. Name and address of the controller

II. General information on data processing

1. Scope of the processing of personal data

2. Legal basis for the processing of personal data

3. Data deletion and storage period

III. Provision of the website, provision of information via RSS feed and creation of log files

1. Description and scope of data processing

2. Legal basis for data processing

3. Purpose of data processing

4. Categories of recipients of personal data and data processing outside of the European Union

5. Duration of data storage

6. Objection and removal possibility

IV. Use of cookies

1. Description and scope of data processing / Purpose of data processing / Legal basis of such processing

2. Categories of recipients of personal data and data processing outside of the European Union

3. Duration of storage, possibility of objection and removal

V. Newsletter distribution via Mailchimp

1. Description and scope of data processing

2. Legal basis for data processing

3. Purpose of data processing

4. Categories of recipients of personal data and data processing outside of the European Union

5. Storage duration

6. Objection and removal possibility

VI. Campaign tool

1. Description and scope of data processing

2. Legal basis for data processing

3. Purpose of data processing

4. Categories of recipients of personal data and data processing outside of the European Union

5. Storage duration

6. Objection and removal possibility

VII. Donation tool

1. Description and scope of data processing

2. Legal basis for data processing

3. Purpose of data processing

4. Categories of recipients of personal data and data processing outside of the European Union

5. Storage duration

6. Objection and removal possibility

VIII. E-mail contact, postal mail

1. Description and scope of data processing

2. Legal basis for data processing

3. Purpose of data processing

4. Categories of recipients of personal data and data processing outside of the European Union

5. Storage duration

6. Objection and removal possibility

IX. Applications

1. Purpose of data processing

2. Legal basis for data processing

3. Description of the categories of personal data

4. Categories of recipients to whom the personal data have been or will be disclosed

5. Storage duration

6. Necessity of providing the data

X. Embedded service providers

XI. Social media links

XII. Web analytics tool

1. Description and scope of data processing

2. Legal basis for data processing

3. Purpose of data processing

4. Categories of recipients of personal data and data processing outside of the European Union

5. Storage duration

6. Objection and removal possibility

XIII. Rights of the data subject

1. Right to information

2. Right to rectification

3. Right to restriction of processing

4. Right to erasure

5. Notification obligation

6. Right to data portability

7. Right to object

8. Right to revoke the declaration of consent under data protection law

9. Right of appeal to a supervisory authority


I. Name and address of the controller

The controller, according to the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law, is:

Civil Liberties Union for Europe e.V. (hereinafter referred to as Liberties)
Prinzenstrasse 103
10969 Berlin, Germany
Represented by Balázs Dénes
Phone: +49 (0) 30 89 63 69 25
E-mail: info@liberties.eu
Internet address: www.liberties.eu

II. General information on data processing

1. Scope of the processing of personal data

We normally only process the personal data of our users to the extent necessary to ensure the operation of our website, our content and our services. The processing of personal data of our users takes place regularly after consent of the user or due to our legitimate interests. An exception applies in those cases in which it is not possible to obtain prior consent for practical reasons and where the processing of the data is permitted by applicable law.

2. Legal basis for the processing of personal data

Where we obtain the consent of the data subject for the processing of personal data, the legal basis shall be Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).

Article 6(1)(b) GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to any processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our organisation is subject, Article 6(1)(c) GDPR shall serve as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our organisation or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first interest, Article 6(1)(f) GDPR shall serve as the legal basis for this processing.

3. Data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage does not apply any more. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the controller is subject.

The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary to further store the data in order to conclude or fulfil a contract.

III. Provision of the website, provision of information via RSS feed and creation of log files

1. Description and scope of data processing

Each time a user accesses our website, our system automatically collects data and information from the system of the accessing computer.

The following data is collected:

  • IP address
  • Date and time of the request
  • Time zone difference to GMT
  • Content of the website
  • Access status (HTTP status)
  • Transferred data volume
  • Website from which you came to our website
  • Web browser
  • Operating system
  • Browser language and version

This happens both when you access our website directly and when you view our website content via an RSS feed.

The data is also stored in the log files of our system.

This data is not stored in conjunction with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR. The provision of personal data is partly in our legitimate interest and partly legally required (see point 5, paragraph Provider). It is not possible not to provide the data. Your only form of objection is by not visiting our website.

3. Purpose of data processing

In order to enable delivery of the website to the user's computer, the system needs to temporarily store the IP address. For this purpose, the IP address of the user must remain stored for the duration of the session.

The same applies to the provision of website content via RSS feed.

Data is stored in log files in order to ensure the functionality of the website. The data is also used for optimising the website and to ensure the security of our IT systems.

We also use the log files on a daily basis to determine the total number of clearly identified visitors to our website. It is not possible to deduce information about individual visitors from this. We determine the total number of website visitors in order to compare it to the number of visitors who have agreed to our tracking of their visit.

No further evaluation of the data for marketing purposes is carried out in this context.

These purposes also include our legitimate interest in data processing according to Article 6(1)(f) GDPR.

4. Categories of recipients of personal data and data processing outside of the European Union

As a rule, we do not pass on personal data to third parties unless we are obliged to do so by law or have obtained permission to do so.

Excluded from this is the involvement of service providers, e.g. for hosting the website, whom we have carefully selected with regard to data protection and for whom we have taken all measures required under data protection laws for legitimate data processing.

We use hosting services from hosting providers with whom we have a data processing agreement. The services we use are: Heroku, AWS.

Heroku

We use Heroku as our hosting server (website: https://www.heroku.com). Heroku, Inc. (650 7th St, San Francisco, CA 94103) is a subsidiary of Salesforce.com, Inc. or one of its affiliates (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States).

Salesforce.com, Inc. is certified under the Privacy Shield Agreement, which guarantees its compliance with European privacy laws (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK).

Heroku's privacy policy is available at:
https://www.salesforce.com/company/privacy/

AWS

The Content Delivery Network we are using is CloudFront by Amazon Web Services (AWS, Website: https://aws.amazon.com/). We use Amazon Cloudfront in order to increase the reliability of our online services, provide greater protection against data loss and improve the loading speed of this website.

Amazon Web Services Inc. (410 Terry Avenue North, Seattle, WA 98109-5210) is a subsidiary of Amazon.com, Inc. (410 Terry Avenue North Seattle, WA).

Amazon Web Services Inc. is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4).

You can download the privacy policy of AWS here:
https://aws.amazon.com/de/privacy/.

Due to the integration of active content from service providers such as Facebook and YouTube, your data (specifically your IP address) will also be transferred to third countries when this content is accessed. More details on this can be found below in the notes on the individual providers, X – Embedded service providers.

5. Duration of data storage

The data will be erased as soon as it is no longer needed for achieving the purpose for which it was collected. If the data has been collected in order to provide the website, this will be the case once the session has ended. The same applies to access via the RSS feed.

If the data is stored in log files, the provider will anonymise the data after seven days.

According to § 113 b TKG (Telecommunications Act), only the (telecommunications-) provider is obliged to store the Internet protocol address assigned to the subscriber (a unique identifier used for the Internet connection) as well as an assigned user identifier and date and time of the beginning and end of Internet use under the assigned Internet protocol address, stating the underlying time zone, for a period of ten weeks.

Longer storage times may be possible in connection with the prosecution of administrative criminal offences.

6. Objection and removal possibility

The collection of data for the provision of the website as well as the storage of data in log files are essential for the operation of the website. Consequently, there is no possibility for the user to object, except for the aforementioned non-usage of our website.

IV. Use of cookies

1. Description and scope of data processing / Purpose of data processing / Legal basis of such processing

Our website uses cookies. Cookies are small data packages that can be stored on the hard drive of your computer when visiting websites. These cookies usually contain a characteristic string of characters that uniquely identifies the browser software when you return to the site or continue to the next page of the site.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing web browser can be identified even after a new page has been opened.

The following data is stored in the cookies we use:

- Storage of the value of whether basic cookies and session cookies are accepted for more convenient navigation ("Necessary") (Legal basis: legitimate interest according to Article 6(1)(f) GDPR.)

- Statistics cookies ("Performance")

Statistics cookies allow Liberties to track visitor interaction with the site in order to measure and improve site performance. (Legal basis: legitimate interest according to Article 6(1)(f).)

- Donation status and language preferences ("Preferences")

When you decide to donate, the website accompanies you through the donation process. This is required for the donation process to work. Other cookies are used to match the language preference of the user. (The legal basis for donation cookies is the conclusion of a contract according to Article 6(1)(b) GDPR. For language preference cookies it is consent according to Article 6 (1)(a) GDPR.)

- Storage of the value of whether third-party cookies are accepted ("Functional Preferences")

Only after third-party cookies have been accepted, content from third-party providers such as YouTube videos will be actively integrated into the site (Legal basis: consent pursuant to Article 6(1)(a) GDPR).) See also further below for information on the respective providers, X – Embeded Service Providers.

Upon accessing our website, users are informed by an information banner about the use of cookies and, if necessary, their consent is requested. We also refer you to this data protection declaration. In this context, we are also informing users on how to disable the storage of cookies in their browser settings.

In any current browser it is possible to delete individual or all cookies or alternatively to allow or prohibit the placement of cookies on a case-by-case basis. Please refer to the help pages of your respective browser for information on the corresponding options.

2. Categories of recipients of personal data and data processing outside of the European Union

As a matter of principle, we do not pass on personal data to third parties unless we are obliged to do so by law or unless we have obtained permission to do so.

Excluded from this is the integration of the service providers that make the hosting of the website and the hosting of the Web Analytics Tool possible (see underIII – Provision of the website und XIII - Web-Analytics Tool). We do not carry out any further processing within the framework of the provision of our website outside of the European Union (with the exception of the integrated service providers, see under X – Embeded Service Providers).

3. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site by the user, therefore, you (the user) have complete control over their useage. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically, for example every time you close your browser. However, if cookies are deactivated for our website, your preferences for our website will also be deleted (e.g. information as to whether you have consented to the use of third-party cookies).

V. Newsletter distribution via Mailchimp

1. Description and scope of data processing

We are sending out newsletters to our newsletter subscribers on a regular basis.

As part of the organisation of the newsletter distribution, the following data of our newsletter subscribers is processed:

When setting up the newsletter subscription, we ask for the first name and surname (for personal contact) as well as the e-mail address of the person subscribing. The subscriber’s country of origin is also requested so that we can send out the newsletter in the appropriate national language (not all newsletter contents are always sent out in the national language).

2. Legal basis for data processing

Legal basis for the processing of your personal data in connection with the newsletter dispatch is Article 6(1)(a) GDPR in conjunction with your specific consent to receive the newsletter. You can revoke this consent to receive the newsletter at any time with effect for the future. For this purpose, it is sufficient to use the unsubscribe option at the end of each newsletter. Please note that the lawfulness of the processing of your data up to the time of revocation remains unaffected by the revocation.

3. Purpose of data processing

We use our newsletter service provider to deliver our newsletter to the subscribers of our newsletter.

4. Categories of recipients of personal data and data processing outside of the European Union

The service provider we use for sending our newsletter is Mailchimp. Since the company operating Mailchimp and its IT infrastructure are located in the United States, data is transferred to third parties in a non-secure third country. Therefore, additional security is required when data is transferred to Mailchimp. In the case of Mailchimp this is achieved by the so-called "Privacy Shield".

The Rocket Science Group LLC, which operates Mailchimp, is certified in accordance with the requirements of the Privacy Shield. (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG). This means that the prerequisites for Mailchimp to process the personal data of our newsletter subscribers in accordance with data protection laws are met.

Here (https://mailchimp.com/legal/) you will find all legal information (such as general and special terms and conditions provided by Mailchimp), here (https://mailchimp.com/legal/privacy/) you can find concrete information on their data protection information.

5. Storage duration

Your data will remain stored in our newsletter database for as long as you wish to receive our newsletter. If you revoke your consent the newsletter dispatch will be stopped and afterwards your data will be deleted from our newsletter mailing list.

6. Objection and removal possibility

You can revoke your consent to receive the newsletter at any time with effect for the future. To do this, you only need to use the unsubscribe option at the end of the respective newsletter. Please note that the lawfulness of the processing of your data up to the time of revocation remains unaffected by the revocation.

VI. Campaign tool

1. Description and scope of data processing

We carry out campaigns on a regular basis. On our websites we offer the opportunity to participate in our campaigns to those who are interested.

As part of the organisation of campaign participation, the following data on the participants in our campaigns is processed:

When you join the campaign, we ask for your name (for personal contact), e-mail address and country. In some cases we offer the possibility to subscribe to a Campaign Info Mail. The country of origin of the subscriber is requested so that the Campaign Info Mail can be sent in the appropriate national language if necessary (not all Campaign Info Mail content is always sent in the national language).

2. Legal basis for data processing

The legal basis for the processing of your personal data in the context of the campaign tool is Article 6(1)(a) GDPR in conjunction with your specific consent to participate in the respective campaign. You may revoke your consent to participate in the campaign at any time with effect for the future. For this purpose, all you need to do is to make use of the unsubscribe option at the end of the respective campaign info mail. Please note that the lawfulness of the processing of your data up to the time of revocation remains unaffected by the revocation.

3. Purpose of data processing

Using the campaign tool (petition tool, e-mail campaign tool, campaign infomail) we enable interested parties to participate in our campaigns and, upon request, we use infomails to keep campaign participants informed about current developments regarding the respective campaign.

4. Categories of recipients of personal data and data processing outside of the European Union

The service provider we use for sending our Campaign Infomails is Mailchimp. Since the company operating Mailchimp and its IT infrastructure are located in the United States, data is transferred to third parties in a non-secure third country. Therefore, additional security is required when data is transferred to Mailchimp. In the case of Mailchimp, this is achieved by the so-called Privacy Shield.

The Rocket Science Group LLC, which operates Mailchimp, is certified in accordance with the requirements of the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG). This means that the prerequisites for Mailchimp to process the personal data of our campaign newsletter subscribers in accordance with data protection laws are met.

Here (https://mailchimp.com/legal/) you will find all legal information (such as general and special terms and conditions provided by Mailchimp), here (https://mailchimp.com/legal/privacy/) you can find concrete information on their data protection information.

5. Storage duration

Your data will remain stored in our Infomail database for as long as you wish to participate in the respective campaign. If you revoke your consent, the campaign infomail will no longer be sent to you and your data will be deleted from our database. If you are only participating but have not subscribed to the campaign info mail, your data will be deleted within 30 days after the end of the campaign.

6. Objection and removal possibility

You can revoke this consent to your participation in the campaign at any time with effect for the future. To do this, all you have to do is use the unsubscribe option at the end of the respective campaign info mail. Please note that the lawfulness of the processing of your data up to the time of revocation remains unaffected by the revocation.

VII. Donation tool

1. Description and scope of data processing

On our website, you have the possibility to support us once or regularly with donations. To do this, all you have to do is click on the donation button displayed on every page.

By clicking on this button, you will be taken to the donation page, where you will be asked to accept cookies (if you have not done so previously). Two cookies will then be set, one from Stripe, our payment service provider, and one from PayPal, our second payment service provider.

Depending on which payment service provider you choose, you will either be taken directly to a PayPal page (after clicking on Donate with PayPal), where you can enter your payment and legitimize it by logging in to PayPal, or if you have clicked on "NEXT" and want to pay using Stripe, you will be asked for further information (amount of donation, cycle, name, email address, card number). We only send the payment data to Stripe without further processing the data ourselves.

Liberties does not see your bank or credit card details for either payment method; these are only processed by the payment service provider. Here (https://stripe.com/de/privacy you can find Stripe's data protection declaration and other conditions (https://stripe.com/de/privacy, depending on your browsers language settings a translation might be available). You can find PayPal's privacy policy at (https://www.paypal.com/GR/webapps/mpp/ua/privacy-full) and the various other terms and conditions at (https://www.paypal.com/GR/webapps/mpp/ua/legalhub-full).

2. Legal basis for data processing

The legal basis for the processing of your personal data in connection with your donation is Article 6(1)(b) GDPR.

3. Purpose of data processing

The donations help us to co-finance our work. To do this, we have to process the data of the donors mentioned above.

4. Categories of recipients of personal data and data processing outside of the European Union

Both payment service providers are located in the United States, which means that data is transferred to third parties in a non-secure third country. Therefore, additional security is required if data is to be transferred to these payment service providers. In the case of Stripe, this is achieved through the so-called "Privacy Shield".

Stripe, Inc., 510 Townsend Street, San Francisco, California 94103, is certified in accordance with the requirements of the Privacy Shield. (https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active). This means that Stripe meets the prerequisites for processing the personal data of our donors as required by data protection law.

PayPal Inc. has issued binding corporate rules for data protection (see https://www.paypal.com/gr/webapps/mpp/ua/bcr and https://cnpd.public.lu/fr/actualites/national/2018/02/bcr-paypal.html).

This means that the prerequisites are met for PayPal to be able to process the personal data of our donors in accordance with data protection laws.

5. Storage duration

Your data will remain stored with our financial accounting for as long as we are obliged to keep our accounts under the relevant tax law for associations. Specifically, the German Fiscal Code in §§ 140 ff. obliges us to keep our accounts for 6 to 10 years.

6. Objection and removal possibility

You can revoke your consent to the donation (at least for recurring donations) at any time with future effect through Stripe or PayPal. A revocation affects the personal data, which must be processed, used or transmitted for (contractual) payment processing, only after the expiry of legally prescribed retention periods. For this purpose, please use the information provided by Stripe and PayPal within the context of your donation. Please note that the lawfulness of the processing of your data up to the time of revocation remains unaffected by the revocation.

VIII. E-mail contact, postal mail

1. Description and scope of data processing

You can use the provided e-mail address to contact us. In this case, the personal user data transmitted with the e-mail will be stored. The same applies similarly to postal mailings.

In this context, no data will be passed on to third parties. The data will only be used for communication with the user.

2. Legal basis for data processing

The legal basis for the processing of the data transmitted in the course of an e-mail transmission is Article 6(1)(f) GDPR. If the purpose of the e-mail contact is the conclusion of a contract, Article 6(1)(b) GDPR is an additional legal basis for the processing. The same applies similarly to postal mail.

The provision of personal data is not required by law or contract, but may serve to conclude a contract for the reasons stated above.

3. Purpose of data processing

In the event of contact being established by e-mail, this also constitutes the required legitimate interest in the processing of the data. The same applies similarly to postal deliveries.

4. Categories of recipients of personal data and data processing outside of the European Union

As a matter of principle, we do not pass on personal data to third parties unless we are obliged to do so by law or unless we have obtained your consent to do so.

Excluded from this is the integration of the service provider who provides our e-mail hosting. Other than that, no data is processed outside of the European Union.

5. Storage duration

The data will be deleted as soon as it is no longer required for achieving the purpose for which it was collected. For the personal data sent by e-mail or post, this is the case when the respective conversation with the user has ended. The conversation has ended once it can be inferred from the circumstances that the matter in question has been conclusively clarified. Further retention periods may result from the German Tax Code or the Commercial Code (§ 195 BGB, 3-year regular limitation period).

6. Objection and removal possibility

At any time, the user has the possibility to revoke their consent to the processing of personal data with effect for the future. For this purpose, a new message via the contact form or a message by e-mail is sufficient.

If the user contacts us by e-mail, they can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the course of establishing contact will be deleted unless legal retention periods conflict with this. The same applies similarly to postal deliveries.

IX. Applications

1. Purpose of data processing

  • Address management and e-mail communication
  • Conducting the application process
  • Reimbursement of travel expenses for applicants' arrival
  • Data that may be used in the application process to assert, exercise or defend potential legal claims (e.g. claims under the German General Act on Equal Treatment)
  • In the case of recruitment for transfer to the personnel file
  • Management of data protection rights of data subjects

2. Legal basis for data processing

Re 1: Address management and processing is part of the application process. The processing of your personal data is necessary to establish an employment relationship with you as the person concerned, therefore we process your data in accordance with Article 6(1)(b) GDPR in conjunction with § 26 paragraph 1 sentence 1 German Data Protection Act (BDSG).

Re 2: Since processing is necessary to establish an employment relationship with you as the data subject, we process your data in accordance with Article 6(1)(b) GDPR in conjunction with

§ 26 paragraph 1 sentence 1 BDSG.

Re 3: According to § 670 BGB, applicants are legally entitled to reimbursement of the necessary interview costs if no provision has been made as to which costs for travel to the interview will be covered by the employer. Since the processing is necessary to conduct the interview and thus to establish an employment relationship with you as the person concerned, we process your data in accordance with Article 6(1)(b)GDPR in conjunction with § 26 paragraph 1 sentence 1 BDSG.

Re 4: We may use your personal data, which we have received during the application process, to assert, exercise or defend potential legal claims (e.g. if Liberties would be exposed to claims under the General Equal Treatment Act). The legal basis for the processing is Article 6(1)(f) GDPR. Liberties has a legitimate interest in the use of personal data for the aforementioned reasons.

Re 5: The data will be transferred to the personal file of the potential employee after recruitment. The legal basis for the processing is Article 6(1)(b) GDPR in conjunction with Article 26 paragraph 1 sentence 1 BDSG.

Re 6: The processing is carried out to comply with or fulfil the legal obligation of the data subjects' rights under data protection law mentioned in Chapter III (Articles 12-22) GDPR, to which Liberties must comply as the responsible party within the meaning of Article 4(7)GDPR. The legal basis for this processing is Article 6 (1)(c)GDPR.

3. Description of the categories of personal data

Re 1: Contact data (surname, first name, e-mail address, telephone number, address data, contact type, fax number), communication contents.

Re 2: Cover letter, curriculum vitae, photographs, certificates and other proofs of qualification as well as other data which were sent on a voluntary basis as part of the application process.

Re 3: Travel data (e.g. arrival and departure, travel expenses, travel funds), bank details.

Re 4: Master data, communication data, data to prove a legally compliant application process.

Re 5: Master data, communication data, covering letter, curriculum vitae, photograph, certificates and other proofs of qualification as well as other data which were sent voluntarily within the scope of the application process.

Re 6: Declarations of revocation of any consent you may have given; declarations of objection which you may submit to the processing of your personal data; declarations and information which we receive from you for or in connection with the assertion of your data protection rights as specified in Chapter III (Articles 12-22) GDPR.

4. Categories of recipients to whom the personal data have been or will be disclosed

Within Liberties, to those employees who need to receive the data in order to carry out the application process (management, specialist department, human resources department), as well as the telephone service used in the performance of our activities and the IT service providers with whom we have concluded appropriate contracts in order to ensure the protection of your personal data at all times and, if necessary, to the authorities for possible criminal investigations.

5. Storage duration

If Liberties has not recruited you after the application process has been completed, your data will be deleted within 6 months of the rejection of your application. If your application is successful and you are employed by Liberties, your personal data will be deleted once the purpose of the data processing no longer applies, at the latest after termination of the employment relationship (storage limitation), unless legal retention periods or legal limitation provisions preclude deletion.

6. Necessity of providing the data

The provision of your personal data is neither required by law nor by contract. However, the provision of your personal data is necessary for the execution of the application process. If you do not wish to make your personal data available, we will not be able to consider you for an application process at Liberties.

X. Embedded service providers

We integrate functions of external service providers on our websites (e.g. the integration of videos) that have their own data protection regulations.

If you allow third-party cookies on our website, the content of those third-party providers will be downloaded. Your data will not be transferred to these service providers beforehand.

Below is a list of the service providers involved:

1. Flourish.studio – Interactive diagrams and creation of infographics

On some of our subpages we use embedded interactive diagrams and infographics to present data and numbers in visually easy to understand formats without requiring you to leave the Liberties pages. When you open a subpage with an embedded Flourish.studio diagram, the iframe (https://en.wikipedia.org/wiki/IFrame) embedded by us communicates with the servers of https://flourish.studio and you thereby accept their terms and conditions (https://flourish.studio/terms/). The provider of the service used is the British company Kiln Enterprises Ltd, 08825531 G06, 16 Baldwin's Gardens, London EC1N 7RJ, United Kingdom. If the iframe is loaded and the selected cookie setting permits this, the service provider uses cookies that collect information about user behaviour. Further information on data protection at "Flourish.studio" can be found in the provider's data protection declaration (https://flourish.studio/privacy/).

2. InterAct – Creation of embeddable quizzes and questionnaires

On some of our subpages we use embedded quizzes and questionnaires to inform our users in an interactive format, without requiring them to leave the Liberties pages. When users open a subpage with an embedded InterAct quiz, the iframe (https://en.wikipedia.org/wiki/Iframe) that we have embedded communicates with the servers of www.tryinteract.com and you thereby accept their general terms and conditions (https://www.tryinteract.com/terms). The provider of the service used is The Quiz Collective, Inc. 2443 Fillmore St #380-14013, San Francisco, CA 94115, USA. If the iframe is loaded and the selected cookie setting permits this, the provider uses cookies that collect information about user behavior. For more information about privacy at TryInterAct, see the provider's privacy statement (https://www.tryinteract.com/privacy).

3. Embedded image galleries

On some of our subpages we integrate a tool which displays images as an automatically rolling gallery. The provider of this tool is Flipsnack, a Smartketer LLC subsidiary, 156 2nd Street, San Francisco, CA 94105 USA. You can view Flipsnack's terms and conditions here (https://www.flipsnack.com/legal-information/terms-of-service.html).

If you visit a subpage where the Flipsnack Gallery tool is embedded in an iframe (https://en.wikipedia.org/wiki/Iframe), the images will be loaded and displayed from the Flipsnack servers. If you use the gallery, Flipsnack sets cookies in your browser.

You can find further information on data protection at "Flipsnack" in the provider's data protection declaration (https://www.flipsnack.com/de/features/privacy-options).

4. Embedded PDF viewer

On some subpages we offer extensive content in the form of PDF files, which can be displayed directly on the website using a tool we use, without requiring you to leave the liberties.eu website.

If you open one of our subpages on which the tool is integrated and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), the iframe establishes a connection to the provider and accepts its general terms and conditions. If you use the embedded PDF viewer, Isuu Inc sets cookies in your browser.

The tool is provided by Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, United States. The general terms and conditions can be found here (https://issuu.com/legal/terms).

Further information on data protection at "Issuu" can be found in the provider's data protection declaration (https://issuu.com/legal/privacy).

5. Embedded europa.eu video player - Theoplayer

On some subpages we embed a video player provided by the European Union (https://audiovisual.ec.europa.eu/en/ebs/both/20191025), which allows you to view multilingual live and recorded EU-related streams without having to leave the liberties.eu website.

If you open one of our subpages where this video viewer is integrated and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), a connection to the provider is established and their cookie policy is accepted (http://ec.europa.eu/info/cookies_en). If you use this video viewer, cookies are set in your browser.

The provider of the integrated EU video player is Theoplayer by THEO Technologies NV, Philipssite 5, Bus 1 Leuven 3001, Belgium.

Further information on data protection at "Theoplayer" can be found in the provider's data protection declaration (https://ec.europa.eu/info/privacy-policy_en).

6. Embedded YouTube-Videos

On some subpages we include YouTube videos.

If you open one of our subpages on which a YouTube video is embedded and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), the iframe establishes a connection to the provider and exchanges data with this provider. If you use this video viewer, cookies are set in your browser.

Usually we integrate YouTube videos using "youtube-nocookies"; older videos may still be integrated directly via YouTube.

The provider of the YouTube player is YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company belonging to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

Further information on data protection at "YouTube" can be found in the provider's data protection declaration (https://www.google.de/intl/de/policies/privacy/).

7. Embedded Facebook videos

On some subpages we include Facebook videos.

When you open one of our subpages that includes a Facebook video and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), the iframe connects to the provider and exchanges data with it. If you use this video viewer, cookies are set in your browser.

The Facebook video player is offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

For more information about privacy at Facebook, please see the provider's privacy policy (https://www.facebook.com/privacy/explanation).

8. Embedded Vimeo videos

On some subpages we include videos using Vimeo.

If you open one of our subpages that includes a Vimeo video and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), the iframe establishes a connection to the provider and exchanges data with this provider. If you use this video viewer, cookies are set in your browser.

The provider of the Vimeo video player is Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA.

For more information about Vimeo's privacy practices, please refer to the provider's privacy policy (https://vimeo.com/privacy).

9. Embedded Twitter videos

On some subpages we include videos from Twitter.

If you open one of our subpages that includes a Twitter video and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), the iframe establishes a connection to the provider and exchanges data with this provider. If you use this video viewer, cookies are set in your browser.

The provider of the Twitter video player is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

For more information about Twitter's privacy practices, please refer to the provider's privacy policy (https://twitter.com/en/privacy).

10. Telephone contacts via OpenMedia / NewMode

On some subpages we offer the possibility to call your political representative (e.g. in the European Parliament). For this purpose we are using a tool which is operated by OpenMind in cooperation with New/Mode.

If you open one of our subpages that includes this calling tool and the content is displayed in an iframe (https://en.wikipedia.org/wiki/Iframe), the iframe establishes a connection to the provider and exchanges data with this provider. If you use this calling tool, cookies are set in your browser.

Providers of the tool are OpenMedia, 1424 Commercial Drive, PO Box #21674, Vancouver, BC, CANADA V5L 5G3 and New/Mode Inc, 321 Main Street, Vancouver, BC, CANADA.

Further information on data protection at "OpenMedia" can be found in the provider's data protection declaration (https://openmedia.org/privacy-policy).

Further information on data protection at "New/Mode" can be found in the provider's data protection declaration (https://www.newmode.net/privacy).

XI. Social media links

On our website, we offer you the opportunity to share these respective websites via social media. However, we only use share links to integrate social media. This means that your data is not automatically transferred to social media providers when you visit our websites.

Only if you follow the appropriate link are you directed to the social media, where your data will be processed accordingly.

We provide the sharing function for the following social media:

  • Twitter
  • Facebook
  • LinkedIn

We also provide the sharing function by e-mail and by copying the URL of the respective website.

On our website we also refer to our social media pages, specifically our Facebook page, our Twitter account and our YouTube account.

With these links, too, your data will only be processed by the social media once you click on these links, leave our website and open our respective page at the provider of the social medium.

XII. Web analytics tool

1. Description and scope of data processing

When you visit our website, your surfing behaviour can be analysed statistically. This is done primarily with cookies and web analytics programs. We use the open source software tool Matomo on our website. The software is set so that the IP addresses are not stored in full. It is not possible to assign the abbreviated IP address to the accessing computer.

2. Legal basis for data processing

The legal basis for the processing of your personal data in connection with statistical analysis is Article 6(1)(f) GDPR.

3. Purpose of data processing

The statistics help us to optimise our work, e.g. to constantly improve our website and its user-friendliness.

4. Categories of recipients of personal data and data processing outside of the European Union

Matomo software runs exclusively on a server controlled by us. Specifically, we use the hosting services of Contabo GmbH (Aschauer Straße 32a, 81549 Munich, website: www.contabo.de).

We have concluded a data processing agreement with Contabo.

5. Storage duration

The data will be deleted after 5 years, i.e. as soon as they are no longer needed for our records.

6. Objection and removal possibility

Matomo uses cookies. Cookies that have already been placed can be deleted at any time. This can also be done automatically. We also offer our users the option of opting out of the analytics process on our website. This option is available here: Cookie Settings.

Information regarding the privacy settings of the Matomo software can be found here: https://matomo.org/docs/privacy/.

XIII. Rights of the data subject

If your personal data is processed, you are the data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You may at any time, with due regard to the requirements of Article 15 of the GDPR, request information from the controller as to whether and how we are processing your personal data.

2. Right to rectification

With due regard to the provisions of Article 16 of the GDPR, you have the right to have your personal data corrected and/or completed by the data controller if the processed personal data relating to you is inaccurate or incomplete. The data controller must rectify the data immediately.

3. Right to restriction of processing

With due regard to the provisions of Article 18 of the GDPR, you may require the controller to restrict the processing.

4. Right to erasure

With due regard to the provisions of Article 17 of the GDPR, you may request the controller to delete your personal data.

5. Notification obligation

If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom your personal data have been disclosed of this rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients vis-à-vis the data controller pursuant to Article 19 of the GDPR.

6. Right to data portability

With due regard to the requirements of Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format.

7. Right to object

You have the right, subject to the conditions of Article 21 of the GDPR, to object at any time, for reasons arising from your particular situation, to the processing of your personal data under Article 6(1)(e) or (f) GDPR, even if the profiling is based on these provisions.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.

The supervisory authority where the complaint was lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority in charge of Liberties.eu is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
www.datenschutz-berlin.de

Date of data protection declaration: 11 November 2019 (German version)

In the event of a dispute regarding the "Privacy Policy www.liberties.eu", the German-language version shall prevail.