DATA PROTECTION AND PRIVACY NOTICE
This website is operated by the International Federation for the Economy for the Common Good e.V., located at Stresemannstr. 23, 22769 Hamburg, Germany.
The protection of your personal data is of special concern to us. We therefore process your data exclusively on the basis of the legal provisions (European Data Protection Regulation (EDPR) and the respective national data protection laws). The processing is done within the framework of the legal regulations, about which you can inform yourself e.g. at www.bfdi.bund.de. In this data protection declaration, we inform you about the most important aspects of data processing in connection with our website.
What data we process
In the course of your visit to our website, we automatically collect some information, which is set out in detail in the following sections. In addition, we also process the information that you provide yourself by filling in forms.
Purposes of data processing
We process your data on the basis of our predominant legitimate interest (Art 6 para 1 lit f EDPR),
- to make this website, including our services, available to you
- to be able to compile usage statistics
- to improve our offer and our web presence
- to be able to detect, prevent and investigate attacks on our website
- to reply to your messages
If you register as an interested party/supporter, member or donor, we will process your data to
- to be able to respond to your interest in receiving further information and, for example, to fulfil a request to send you a newsletter.
- to be able to accept you as a member of a Economy for the Common Good association and to administer your data.
- to be able to administer your donation (bank transfer, possible donation receipt).
In the case of registration for the audit, peer evaluation and trainings, we and, if applicable, authorised third parties will process your data and the contents of their public benefit reports
- to be able to manage and administer you as an audit/peer-evaluation commissioning company, person or learning path participant.
- to be able to carry out and manage billing services, if applicable.
- To improve our services and the quality of audits, peer evaluations and trainings. In particular, your data will be used to visualise the audit results and peer evaluations and to analyse the results of the public good report and anonymised statistical analyses.
By registering for the audit, you agree to the publication of the audited/certified Economy for the Common Good (ECG) report, both on your own company website and within the ECG information pages.
In the case of registration as a consultant or for registration as a consultant or auditor in training and in the case of registration as an auditor, we and, if applicable, authorised third parties process your data
- to manage and administer you as a certified consultant, a consultant in training or a certified auditor.
- to perform and manage billing services, if applicable.
- to be able to meet your interest in further information and, for example, to be able to fulfil a wish to receive a newsletter.
- to be able to carry out joint marketing measures for consultants and auditors. Your information and personal data will be made available, for example, to a closed user group of ECG activists on our ECG intranet (WIKI).
- to improve our range of audit and consultancy services.
- to be able to improve the quality of the consultants’ and auditors’ services and for anonymised statistical evaluations.
Transfer of your personal data
For the above purposes, we will transfer your personal data to the following recipients who process their data exclusively in the EU:
- IT service providers used by us
- Hostsharing eG, Hamburg
- Data processors used by us
- CAS Software AG, Karlsruhe,
- to the respective ECG partner association of which you want to become a member or for which you want to make a donation
- in anonymised general statistical form to the member associations in the International Federation
- in case of need to law enforcement authorities
We only pass on your data to the above-mentioned data recipients if:
- you have given your explicit permission to do so (Art. 6 para. 1 p. 1 lit. a EDPR)
- this is necessary for the processing of contractual relationships with you (Art. 6 para. 1 lit. b EDPR)
- there is a legal obligation to pass on data (Art. 6 para. 1 lit. c EDPR)
the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 p. 1 lit. f EDPR).
Processed data in detail
Visit to the website
Each time you access our website, the internet browser used on your end device (computer, laptop, tablet, smartphone, etc.) automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.
The following data is collected without your intervention and stored until automated deletion:
- IP address of the enquiring computer, as well as device ID or individual device identifier and device type.
- Name of the file retrieved and amount of data transferred, as well as date and time of retrieval
- Message about successful retrieval
- Description of the type of Internet browser used and, if applicable, the operating system, resolution and plug-ins used on your terminal device as well as the name of your access provider
- Location data, if applicable, including location data from your mobile device. (Please note that for most mobile devices you control or disable the use of location services in the settings menu of the mobile device.
Anonymised web analysis
To analyse and optimise our website, we use Statify, a web analysis software. It counts the accesses to our website and generates statistical, anonymised access statistics. This software does not store any personal data or pass it on to third parties.
Anonymized web analysis
For the analysis and optimization of our website we use Statify, a WordPress-PlugIn. It counts the accesses to our website and generates statistical, anonymous access statistics (it does not log IP-addresses). Through this software no personal data is stored or passed on to third parties.
You have the possibility to subscribe to newsletters of ECG associations and regional groups via our website. For this we need your e-mail address and your declaration that you agree to receive the newsletter. Further details (title and name) are optional.
As soon as you have subscribed to a newsletter, we will send you a confirmation e-mail with a link to confirm your subscription.
You can cancel your newsletter subscription at any time. You will find a corresponding link at the end of each newsletter. You will then be removed from the newsletter distribution list..
If you register on our websites, we will store your data for as long as the reason for the data storage, your account or your newsletter subscription exists, and beyond that only for as long as legal obligations provide for this and you have not exercised your right to deletion.
All data transmitted by you personally will be encrypted using the generally accepted and secure standard TLS (Transport Layer Security). We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Upon request, we will be happy to inform you whether and which personal data relating to you are stored (Art. 15 of the GDPR), in particular about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling.
You also have the right to have any incorrectly collected personal data corrected or incompletely collected data completed (Art. 16 EPDR).
Furthermore, you have the right to demand that we restrict the processing of your data, provided that the legal requirements for this are met (Art. 18 EPDR).
You have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request that it be transferred to another controller (Art. 20 EPDR).
In addition, you have the so-called “right to be forgotten”, i.e. you can demand that we delete your personal data, provided that the legal requirements for this are met (Art. 17 EPDR).
Irrespective of this, your personal data will be automatically deleted by us if the purpose of the data collection has ceased to exist or the data processing has been carried out unlawfully.
In accordance with Art. 7 (3) EPDR, you have the right to revoke your consent at any time. This has the consequence that we will no longer continue the data processing based on this consent in the future.
You also have the right to object to the processing of your personal data at any time, provided that a right of objection is provided for by law. In the event of an effective revocation, your personal data will also be automatically deleted by us (Art. 21 EPDR).
If you wish to make use of your right of revocation or objection, an e-mail to: email@example.com is sufficient.
In the event of violations of data protection regulations, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 EPDR. The responsible supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information as well as any other supervisory authority.
The Hamburg Commissioner for Data Protection and Freedom of Information can be reached at the following address:
Ludwig-Erhard-Str. 22, 7th floor.
+49 40 428 54-4040
Our contact details
If you have any questions or concerns about the processing of your personal data, please contact us at firstname.lastname@example.org.
This data protection declaration is currently valid and has the status of 10.03.2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access the current data protection declaration at any time on the website www.ecogood.org/privacy.