Privacy policy in the sense of the EU-DSGVO

Thank you for your interest in The Duke of Edinburgh’s International Award – Germany e.V. (in short: Duke Award).

The Duke of Edinburgh’s International Award – Germany e.V., as the operator of this online offer, is responsible for the processing of personal user data. The Duke of Edinburgh’s International Award – Germany e.V., Branitzer Platz 2, 14050 Berlin, Germany, Tel.: +49(0)6291/68040, E-Mail: [email protected] is the responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature.

We take the protection of your privacy and your private data very seriously. We collect, store and use your personal data only in accordance with the content of this privacy policy and the applicable data protection laws, in particular the European General Data Protection Regulation (GDPR) and national data protection regulations. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and comply with the provisions of the applicable data protection laws.

With this data protection declaration, we would like to inform you about the extent to which and the purpose for which personal data is processed in connection with the use of the online offer.

Personal data

Personal data is information about an identified or identifiable natural person. This includes all information about your identity, such as your name, your e-mail address or your postal address. Information that cannot be associated with your identity (such as statistical data, for example on the number of users of the online service) is not considered personal information.

In principle, you can use our website without disclosing your identity and without providing personal data. We will then only collect general information about your visit to our online offer.  The following data may be collected, for example (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

In order to participate in the international youth programme we offer, we provide a digital logbook, the so-called Online Record Book. Personal data is collected as part of the participation and use of the Online Record Book (ORB). This relates to the data of participating young people as well as from the management of the organisations we license and the Award Leaders who accompany and support the participation of young people via the ORB. In principle, we will only process this data for the purposes of using our offer. When collecting personal data, only the data that is mandatory must be provided. In addition, further details may be possible, in which case they are voluntary. We indicate in each case whether the information is mandatory or voluntary. We provide information on the specific details in the General Terms and Conditions of the Online Record Book.

Based on statutory provisions, the website of the DofE-Germany contains data that enable a quick electronic contact to our organisation, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be disclosed to third parties.

An automated decision-making process based on your personal data does not take place in connection with the use of our online services (profiling).

Processing of personal information

If personal data is collected in order to provide certain services, it is stored by us on specially protected servers within the European Union. These are protected by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Access to your data is only possible for a few authorised persons. These are responsible for the technical, commercial or editorial maintenance of the servers. Despite regular checks, however, complete protection against all dangers is not possible.

Insofar as personal data is collected, it is transmitted via the Internet in encrypted form. We use SSL encryption (Secure Socket Layer) for data transmission.

Disclosure of personal data to third parties

As a matter of principle, we only use your personal information to provide the services you have requested. Insofar as external service providers are used by us within the framework of the provision of services, their access to the data is also exclusively for the purpose of providing the service. We use technical and organisational measures to ensure compliance with data protection regulations and also oblige our external service providers to do so.

Furthermore, we do not pass on the data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

Legal basis for data processing

Insofar as we obtain consent for the processing of your personal data, Art. 6 para. 1 lit. a) DSGVO serves as the legal basis for the data processing.

Insofar as we process your personal data because this is necessary for the fulfilment of a contract or in the context of a relationship with you similar to a contract, Art. 6 para. 1 lit. b) DSGVO serves as the legal basis for the data processing.

Insofar as we process your personal data for the fulfilment of a legal obligation, Art. 6 para. 1 lit. c) DSGVO serves as the legal basis for the data processing.

Furthermore, Art. 6 (1) f) DSGVO can be considered as the legal basis for data processing if the processing of your personal data is necessary to protect a legitimate interest of our organisation or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.

Within the framework of this data protection declaration, we always indicate the legal basis on which we base the processing of your personal data.

Data deletion and storage period

We always delete or block your personal data when the purpose for storing it no longer applies. However, data may be stored beyond this if this is provided for by legal requirements to which we are subject, for example with regard to statutory retention and documentation obligations. In such a case, we delete or block your personal data after the end of the corresponding requirements.

Information about your computer

Each time you access our online offer, we collect the following information about your computer, regardless of your registration: the IP address of your computer, the request of your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the browser used and the computer’s operating system. We also record the website from which the online offer was accessed. The IP address of your computer is only stored for the time of use of the online offer and is then deleted or anonymised by shortening it. The remaining data is stored for a limited period of time.

We use this data for the operation of the online offer, in particular to detect and eliminate errors, to determine the utilisation of the online offer and to make adjustments or improvements. These purposes are also our legitimate interest in data processing according to Art. 6 (1) f) DSGVO, which is the legal basis for this processing.

Use of cookies

Cookies are used for our online offer – as on many websites. Cookies are small text files that are stored on your computer and save certain settings and data for exchange with our online offer via your browser. A cookie usually contains the name of the domain from which the cookie file was sent, information about the age of the cookie and an alphanumeric identifier.

Cookies enable us to recognise your computer and make any presettings immediately available. Cookies help us to improve our online offer and to provide you with a better service that is even more tailored to your needs. This is also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f) DSGVO.

Most browsers are set to accept cookies automatically. However, you can deactivate the saving of cookies or set your browser to notify you as soon as cookies are sent. It is also possible to delete cookies that have already been saved manually via the browser settings.

Analysis cookies

In addition, we use cookies on our website that enable an analysis of your user behaviour, so-called analysis cookies. With these cookies, we record and store, among other things, the frequency of page views, search terms, use of internet page functions, etc.

Your data collected with the help of cookies is anonymised so that it is no longer possible to assign the data to the respective user.

We use analysis cookies to improve and optimise the quality of our online offers and their content as well as to check and improve the reach and findability of our online offers. These purposes also constitute the legitimate interest in terms of the legal basis for the processing pursuant to Art. 6 (1) f DSGVO.

To analyse user behaviour for the above-mentioned purposes, we use the programmes mentioned below, which in turn use cookies as explained.

Google Analytics

We use Google Analytics for statistical analysis. Google Analytics is a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”). Google Analytics uses the “cookies” described above, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de.

Further information can be found at mailto:http://tools.google.com/dlpage/gaoptout?hl=debzw.https://marketingplatform.google.com/about and https://support.google.com/analytics/search?q=privacy (general information on Google Analytics and data protection). We would like to point out that on our Internet pages Google Analytics has been extended by the code anonymizeIp(); in order to anonymise the IP addresses, whereby the last octet is deleted.

We are of the opinion that, due to the protective measures taken (anonymisation and the possibility to object), data processing for the optimisation of our online offer is to be regarded as a legitimate interest in data processing pursuant to Art. 6 (1) lit. f) DSGVO.

Google Tag Manager

This website uses the Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

Newsletter

When you subscribe to our newsletter – as soon as a subscription is made possible via this website – your e-mail address is used until you unsubscribe. You will receive regular information by e-mail on current topics as well as e-mails for special occasions, for example special promotions. The e-mails may be personalised and individualised based on the information we have about you.

To register for our newsletter, unless you have given us your consent in writing, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter dispatch. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail.

The legal basis for the processing of your data is your consent according to Art. 6 para. 1 lit. a) DSGVO, if you have expressly registered for the newsletter.

If you no longer wish to receive newsletters from us, you can revoke your consent at any time with effect for the future or object to further receipt of the newsletter without incurring any costs other than the transmission costs according to the basic rates. Simply use the unsubscribe link contained in every newsletter or send a message to us or our data protection officer.

By registering for one of our courses, you agree to receive our newsletters. We create these with the help of the service Mailchimp. Please refer to Mailchimp’s privacy policy for details of the applicable regulations.

Social media

In our online offer you will find links to the social networks of Facebook, Instagram, Twitter and LinkedIn. You can recognise the links by the respective logo of the provider.

Clicking on the links opens the corresponding social media pages, for which this data protection declaration does not apply. For details of the provisions applicable there, please refer to the corresponding data protection declarations of the individual providers; you will find these at:

• Facebook: https://www.facebook.com/policy.php
• Instagram: https://www.instagram.com/about/legal/privacy
• Twitter: https://twitter.com/privacy?lang=de
• LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

No personal information is transmitted to the respective providers before the corresponding links are called up. Your access to the linked page is also the basis for the data processing by the respective providers.

Notes on Facebook and Instagram:

Each time one of the individual pages of this website operated by the data controller is called up and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical procedure, Facebook receives information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject posts a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.

Each time one of the individual pages of this website operated by the data controller is called up and on which an Instagram component (Insta button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Instagram component to download a representation of the corresponding component from Instagram. Within the scope of this technical procedure, Instagram receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognises which specific subpage the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged into Instagram at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website.

Use of YouTube

Videos are integrated into our online offer, for the playback of which we use a plugin of the YouTube (“YouTube”) service operated by Google. The operator of the service is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a web page of our online offer on which a video is embedded, a connection is established to the YouTube servers. In the process, the YouTube server is informed which Internet pages of our online offer you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Further information on the handling of user data can be found in Google’s privacy policy at https://www.google.de/intl/de/policies/privacy/, which also applies to YouTube.

We use YouTube so that we can show you videos and thus tell you more about us and our services; this is also the legitimate interest within the meaning of Art. 6 (1) f) DSGVO.

Display of our programme providers on a map

We show the geographical location of our programme providers on a map of Germany. We use the Batchgeo tool for this. Information on the handling of user data can be found in Batchgeo’s privacy policy at https://de.batchgeo.com/features/security/#privacy.

Your rights and contact

We attach great importance to explaining the processing of your personal data as transparently as possible and also to informing you about the rights you are entitled to. If you would like more detailed information or wish to exercise the rights to which you are entitled, you can contact us at any time so that we can deal with your request.

Data subjects’ rights

You have extensive rights with regard to the processing of your personal data. First of all, you have a comprehensive right to information pursuant to Art. 15 of the GDPR and, if applicable, you can demand the correction and/or deletion of your personal data pursuant to Art. 17 of the GDPR or blocking of your personal data pursuant to Art. 16 of the GDPR. You may also request a restriction of processing pursuant to Art. 18 DSGVO and have a right of objection pursuant to Art. 21 DSGVO. You also have the right to data portability with regard to the personal data you have provided to us.

If you would like to exercise any of your rights and/or receive more information about them, please contact our Data Protection Officer.

Revocation of consent and objection

Once you have given your consent, it can be freely revoked at any time with effect for the future in accordance with Art. 21 DSGVO. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The contact persons for this are also our customer service or our data protection officer.

If the processing of your personal data is not based on consent but on another legal basis, you can object to this data processing. Your objection leads to a review and, if necessary, termination of the data processing. You will be informed of the result of the review and – if the data processing is nevertheless to be continued – you will receive more detailed information from us as to why the data processing is permissible.

Security through technical and organisational measures

The Duke of Edinburgh’s International Award – Germany e.V. uses technical and organisational measures in accordance with Article 32 (1) of the EU Data Protection Regulation to protect personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. The security measures in place are continuously improved in line with technological developments.

Web hosting

To maintain our internet pages, we use a provider on whose server our internet pages are stored and made available for retrieval on the internet (hosting). In doing so, the provider may process all data transmitted via the browser you use, which is generated when you use our website. This includes in particular your IP address, which the provider needs in order to be able to deliver our online offer to the browser you are using, as well as all entries you make via our website. In addition, the provider used by us can

• the date and time of access to our website
• Time zone difference from Greenwich Mean Time (GMT)
• Access status (HTTP status)
• the volume of data transferred
• the Internet service provider of the accessing system
• the type of browser you are using and its version
• the operating system you are using
• the website from which you may have accessed our website
• the pages or sub-pages that you visit on our website.

collect. The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.

Service provider: webgo GmbH Wandsbeker Zollstr. 95, 22041 HamburgInternet site:
https://www.webgo.de/Datenschutzerklärung: https://www.webgo.de/datenschutz/

E-mail security

The user agrees to electronic communication as soon as he himself opens electronic contact with The Duke of Edinburgh’s International Award – Germany e.V.. The user is advised that e-mails can be read or changed unauthorised and unnoticed during transmission. The Duke of Edinburgh’s International Award – Germany e.V. uses software to filter unwanted e-mails (spam filter). The spam filter can reject e-mails if they have been falsely identified as spam by certain characteristics.

Complaints

If you believe that the processing of your personal data by us is not in accordance with this privacy policy or the applicable data protection regulations, you can complain. We will then investigate the matter and inform you of the outcome of the investigation. In addition, you also have the right to lodge a complaint with a supervisory authority.

Links to other websites

Our online offer contains links to other websites. These links are usually marked as such. We have no influence on the extent to which the applicable data protection regulations are observed on the linked websites. We therefore recommend that you also inform yourself about the respective data protection declarations of other websites.

We also link to our own online services “Online Administration” and “Online Record Book”, which serve the administration of participants and the monitoring of the participation process. These operate independently of this website and each have separate data protection declarations, which are agreed to with the official registration for our programme.

Changes to this privacy policy

The status of this data protection declaration is indicated by the date (below). We reserve the right to change this data protection declaration at any time with effect for the future. A change will be made in particular in the event of technical adjustments to the online offer or in the event of changes to the data protection requirements. The current version of the data protection declaration can always be accessed directly via the online offer. We recommend that you regularly inform yourself about changes to this data protection declaration.

Data Protection Officer and Contact

If you have any questions regarding our handling of personal data or require further information on data protection issues, please do not hesitate to contact us at any time:

Vanessa Masing

Seat of the association: The Duke of Edinburgh’s International Award – Germany e.V., Adelsheimer Straße 19, 74706 Osterburken,

Seat of the management: The Duke of Edinburgh’s International Award – Germany e.V., Branitzer Platz 2, 14050 Berlin

Phone and email: +49 (0)30 30834661 – [email protected]

Status of this privacy policy: April 2022