I. Introduction
With the following information, we would like to give you as a “data subject” an overview of the processing of your personal data by us as well as your rights from the data protection laws.
Your personal data will always be processed in accordance with the General Data Protection Regulation (GDPR) and all applicable country-specific data protection regulations. We have implemented numerous technical and organizational measures to ensure the highest possible protection when processing your personal data.
II. Scope
The following data protection regulations apply to the following websites: https://hiccups.eu/ and all our other online presences (e.g. our social media pages).
III. Controller
Controller within the GDPR is:
nova-Institut für politische und ökologische Innovation GmbH
LeyboldstraĂźe 16
50354 Huerth
Germany
Tel. +49 2233 – 4814-40
Fax +49 2233 – 4814-50
Email [email protected]
Internet www.nova-institute.eu
IV. Data Protection Officer
If you have any questions or suggestions regarding data protection issues, you can contact our data protection officer at any time:
Niklas Hanitsch
secjur GmbH
Steinhöft 9
20459 Hamburg
Germany
Tel. +49 40 228 599 520
Email: [email protected]
V. Technology
1. SSL / TLS encryption
To ensure the security of data processing and to protect the transmission of confidential content, we use SSL or TLS encryption. You can recognize the existence of an encrypted connection by the fact that the address line of your browser displays “https://” instead of “http://” and by the lock symbol in your browser line.
2. Data collection when visiting the website / storage of log files
When using our website for purely informational purposes, we only collect personal data that your browser sends to our server (server log files). Every time you access our website, a number of general data and information are collected, which we store in the server log files.
Purpose of processing
- Correct delivery of the contents of our website
- Optimization of the contents of our website
- Guarantee of a permanent operability of our IT systems and the technology of our website
- Static evaluation to improve the level of data protection and data security
- Provision of information to law enforcement agencies in the event of a cyber attack
Processed data
Usage and metadata (e.g. browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer), the sub-websites which are accessed via an accessing system on our website, the date and time of an access to the website, an abbreviated internet protocol address (anonymized IP address), the internet service provider of the accessing system)
Security measures
The server log files are anonymous data that are stored separately from all other of your personal
Legal basis
Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.
VI. Cookies
We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site.
Information is stored in the cookie, which in each case arises in connection with the specifically used terminal device. This does not mean, however, that we obtain direct knowledge of your identity.
1. Technically necessary cookies
We use technically necessary cookies. These are cookies that are necessary for the operation and functions of our website.
Purpose of processing
- Offering our services
- Enabling the use of our website functions
Legal basis
Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.
2. Technically not necessary cookies
We use technically not necessary cookies. These are cookies that are not technically essential for the operation of the website or the provision of specific page functions. As a rule, these are third-party cookies that can be used to analyze and trace the surfing behavior of users.
Purpose of processing
- Range measurement and tracking
- Evaluation of visitor behavior and profiling
- Optimization of our offer
Legal basis
Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR).
Right of withdrawal
You can revoke your consent to the use of cookies at any time.
VII. Transmission and disclosure of personal data
Within the scope of our activities, we transmit personal data to external parties (e.g. persons, companies or legally independent organizational units). You can find details on this below under “Services used” with the respective service providers.
VIII. Data processing in third countries
We process personal data in a third country. These are countries outside the European Union (EU) and the European Economic Area (EEA).
We only process data in third countries where an adequate level of data protection exists in accordance with Art. 44-49 GDPR. Details of the specific level of data protection in the respective third country can be found below under “Services used” with the respective service providers.
IX. Contact
1. General information
We offer you different ways to contact us (e.g. by e-mail, chat or telephone).
Processed data
- Inventory data (e.g. first and last name, address)
- Contact information (e.g. e-mail address, phone number)
- Meta and communication data (e.g. IP address)
- Content data (e.g. entered text content, photographs, videos)
Purpose of processing
- Answering contact requests
- Communication
Legal basis
- Performance of a contract or implementation of pre-contractual measures (Art. 6 Para. 1 Cl. 1 letter b. GDPR) if your request is based on pre-contractual measures or on an existing contract with us.
- Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR) If your inquiry is independent of contractual or pre-contractual measures, our legitimate interests constitute the legal basis. The legitimate interest corresponds to the above-mentioned purposes.
X. Web Analysis and Optimization Services
1. General information
We carry out web analyses to evaluate the visit of our online presences. In doing so, we are able to process your interests, certain types of behavior or demographic data. This enables us to analyze how you use our online offer and its contents and functions. User profiles can be created as part of the web analysis. Cookies are often used for this purpose.
Processed data
- Usage data (e.g. websites visited, interest in content, time of access)
- Meta and communication data (e.g. IP address).
- Location data
Purpose of the processing
- Range measurement and tracking
- Evaluation of visitor behavior and profiling
- Improving our offer and offering customer-friendly services
2. Matomo
We use Matomo. This is a software for web analysis.
Provider
InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (InnoCraft).
Data processed
- Advertisements viewed
- Cookie ID
- Date and time of visit
- Device information
- Geographic location
- IP address
- Search terms
- Advertisements displayed
- Customer ID
- Impressions
- Online identifiers
- Browser information
Legal basis
Consent (Art. 6 para. 1 p. 1 lit. a GDPR )
Opt-Out-Cookie
Matomo sets a cookie on your IT system. You can prevent Matomo from collecting your personal data by clicking on the following link: Deactivate Matomo. This sets an opt-out cookie that prevents future collection of your data when you visit our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
Security measure
We have anonymized your IP address.
Data processing agreement
We have closed a Data processing agreement with Matomo: https://matomo.org/matomo-cloud-dpa/
Data protection outside the EU/ EEA
For New Zealand there is an adequacy decision of the European Commission.
Privacy policy
Further information on data processing can be found in Matomo’s privacy policy. https://matomo.org/privacy-policy/
XI. Social Networks
1. General information
We maintain presences in social networks to communicate with you and inform you about our services.
If you visit one of our social media pages, we are joint controllers with the provider of the respective social media platform for the processing of personal data triggered by this in accordance with Art. 26 GDPR.
We point out that your data may be processed outside the EU or the EEA Area. This may result in risks such as a more difficult enforcement of user rights. User data is often processed in social networks for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this.
In addition, the providers often create user profiles, on the basis of which user-based advertising can then be placed inside and outside the social network. For this purpose, cookies are often used or the user behavior is directly assigned to your own member profile of the social networks (if you are logged in here).
Since we do not have access to the data stocks of the respective providers, we would like to point out that it is best to apply your rights directly to the respective provider. However, if you need help, please feel free to contact us. Further information on the processing of your data in social networks and the possibility to make use of your right of objection or revocation (opt-out) is listed below.
Processed data
- Inventory data (e.g. first and last name, address, age, gender)
- Content data (e.g. texts, photos, videos)
- Usage data (e.g. visit of websites, interests)
- Metadata (e.g. device information, IP address)
Purpose of processing
- Modern way of user communication
- Provision of information about own services
- Tracking, remarketing, affiliate tracking
Legal basis
- Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.
- Consent (Art. 6 Para. 1 Cl. 1 lettera GDPR). If you, as a user of the respective social media, have to agree to the data processing, the legal basis is your consent.
2. Twitter
Provider
musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA (Twitter).
Data protection outside the EU/ EEA
We have concluded standard data protection clauses with Twitter.
Privacy Policy
https://twitter.com/settings/your_twitter_data
Possibility of objection (Opt-Out)
https://twitter.com/settings/account/personalization
XII. Cookie-Banner
1. General information
We use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of technically unnecessary cookies.
Processed data
- Usage data (e.g. web pages visited, time of access)
- Meta and communication data (e.g. IP address)
Purpose oft he processing
- Informing the user about the cookies we use.
- Enabling to consent to cookies that are not technically necessary
Legal basis
Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.
XIII. Rights of the data subject
1. Confirmation
You have the right to ask us to confirm whether personal data concerning you is being processed
2. Right of access by the data subject (Art. 15 GDPR)
You have the right to receive from us at any time and free of charge information about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.
3. Right to rectification (Art. 16 GDPR)
You have the right to request the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
4. Right to erase (Art. 17 GDPR)
You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons provided by law applies and if the processing or storage is not necessary.
5. Right to restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the legal requirements is met.
6. Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided us in a structured, common and machine-readable format. Furthermore, you have the right to have this data communicated to another person in charge, without hindrance from us, to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 Para. 2 letter a GDPR or on a contract pursuant to Art. 6 Para. 1 letter b GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us. In addition, when exercising your right to data transfer in accordance with Art. 20 Para. 1 GDPR, you have the right to request that personal data be transferred directly from one responsible party to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
7. Right to object (Art. 21 GDPR)
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6 para. 1 letter e (data processing in the public interest) or f (data processing based on a balancing of interests) of the DPA. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. In individual cases we process personal data for the purpose of direct marketing. You may at any time object to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your personal data for the purposes of direct marketing, we will no longer process the personal data for these purposes.
In addition, you have the right to object, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. You are free to exercise your right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving the use of technical specifications.
8. Withdrawal of a data protection consent
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
9. Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
XIV. Storage period of personal data
We process and store your personal data only as long as the purpose of storage requires it or as long as it is required by law. If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements. The criterion for the duration of storage of personal data is the respective legal retention period. After the period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfillment or initiation of a contract.
XV. Actuality and changes of the privacy policy
This data protection declaration is currently valid and has the following status: October 2021. If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection declaration. You can view the current data protection declaration at any time on the website under https://hiccups.eu/data-protection-regulation/