Privacy Notice pursuant to Art. 13 GDPR
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:
Climate Alliance of European Cities with Indigenous Rainforest Peoples | Alianza del Clima e.V.
Eschborner Landstr. 42 – 50
60489 Frankfurt am Main | Germany
Phone: +49 69 717 13 90
E-mail: europe@climatealliance.org
Name and address of the Data Protection Officer
The Data Protection Officer of the controller is:
Jota Rechtsanwälte PartG mbB
Dr. Christian Velten
Schiffenberger Weg 61
35394 Gießen | Germany
Phone: +49 641 97 27 668
E-mail: ds@jota-rechtsanwaelte.de
Legal basis for the processing of personal data
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not specifically stated in this privacy notice, the following applies:
The legal basis for obtaining consent is Art. 6(1)(a) in conjunction with Art. 7 GDPR. The legal basis for processing for the performance of our services and the implementation of contractual measures, as well as for responding to inquiries, is Art. 6(1)(b) GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR. If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights and freedoms do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage duration
We adhere to the principles of data minimization and data economy. We store your personal data only as long as necessary to achieve the purposes stated here or as required by statutory retention periods. Once the respective purpose ceases to apply or these periods expire, the corresponding data will be routinely blocked or deleted in accordance with legal requirements.
Rights of the data subject
You have the right at any time to obtain free information about the origin, recipients and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this and any other questions regarding data protection, you can contact us at any time using the contact details provided in the legal notice.
As a data subject within the meaning of the GDPR, you may exercise various rights. These include the right of access (Art. 15), the right to rectification (Art. 16), the right to erasure (Art. 17), the right to restriction of processing (Art. 18), the right to object (Art. 21), the right to lodge a complaint with a supervisory authority, and the right to data portability (Art. 20).
Right to withdraw consent
Some data processing operations are only possible with your explicit consent. You may withdraw your consent at any time. The legality of the data processing carried out before the withdrawal remains unaffected.
Right to object
If the processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. This also applies to profiling based on these provisions. If we cannot demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims, we will no longer process the data after your objection.
If personal data is processed for direct marketing purposes, you have the right to object at any time. This also applies to profiling related to such direct marketing. In this case, we will no longer process your personal data once you object.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
Right to data portability
If your data is processed automatically based on consent or for the performance of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. You also have the right to request the transfer of this data to another controller, where technically feasible.
Right of access, rectification and erasure
You have the right to obtain information about your processed personal data, including the purpose of processing, categories of data, recipients, and storage duration. You also have the right to know whether you have a right to rectification, erasure or restriction of processing. If you have questions on this or other topics relating to personal data, you can contact us at any time via the contact options provided in the legal notice.
Right to restriction of processing
You may request the restriction of the processing of your personal data at any time if one of the following conditions applies:
You contest the accuracy of the personal data. For the duration of the verification, you have the right to request restriction of processing.
If the processing is unlawful, you may request restriction instead of deletion.
If we no longer need your personal data, but you require it for the establishment, exercise or defense of legal claims, you may request restriction instead of deletion.
If you object pursuant to Art. 21(1) GDPR, a balancing of interests will be carried out. Until this is completed, you have the right to request restriction of processing.
If processing is restricted, such data may—apart from storage—only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
Provision of the website (web hosting)
When you visit our website, we automatically collect and store information in so-called server log files. This information is automatically transmitted by your browser to our server or to the server of our hosting provider.
This includes:
- IP address of the visitor’s device
- Device used
- Hostname of the accessing computer
- Operating system of the visitor
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data transferred
- Information on whether the retrieval was successful
We do not merge this data with other data sources.
The legal basis for processing this data is Art. 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website.
Instead of operating this website on our own server, we may have it hosted by an external service provider (hosting provider). In this case, the personal data collected on this website is stored on the provider’s servers. In addition to the data mentioned above, this may include contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for using a hosting provider is our interest in a secure, fast and efficient provision of our website (Art. 6(1)(f) GDPR). Another legal basis may be processing for the performance of a contract with our current or future customers (Art. 6(1)(b) GDPR). If we use a hosting provider, a data processing agreement has been concluded with this provider.
Contact by phone or email
In accordance with legal requirements, we provide a telephone number and email address on our website. Data transmitted via these channels is automatically stored in order to process inquiries or contact the person making the request. This data will not be passed on to third parties without your consent.
If the contact is made for pre-contractual or contractual purposes, the processing is based on Art. 6(1)(b) GDPR. In all other cases, processing is based on our legitimate interest (Art. 6(1)(f) GDPR).