Data protection at ABLE

Please read these statements regarding the use of this portal carefully. By using the website you are accepting these conditions.

  1. Definitions

Our data privacy statement makes use of terms defined in the EU General Data Protection Regulations (GDPR). We have explained these terms below in order to ensure legibility and comprehension of our data privacy statement:

  1. Personal data

According to the GDPR, personal data is all information referring to an identified or identifiable natural person. This refers to information such as your name, your date of birth, your address, your E-Mail address, your IP address or your telephone number, as well as your user behaviour. On the other hand, information not directly related to your real identity – such as websites generally preferred by all users or a website’s number of users – is not regarded as personal data.

  1. Data subject

The data subject is any identified or identifiable natural person whose personal data is used by the controller responsible for processing.

  1. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

  1. Controller or controller responsible for processing

The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for its nomination may be provided for by Union or member state law.

  1. Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  1. Recipient

The recipient is a natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.

  1. Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  1. Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

 

  1. Name and address of the controller [Art. 4, Para. 7 of the GDPR]

The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states and other provisions under data protection legislation is:

ABLE e.V.
Landhausstr. 28
70190 Stuttgart
Germany

Tel.: +49 (0) 176 768 686 38
E-Mail: info@able-ngo.com
Website: www.able-ngo.com

 

III. General information on data processing

  1. Extent of personal data processing

As a basic principle, we collect and process our users’ personal data only to the extent required for providing a functional website and supplying our content and services. We process our users’ personal data regularly only if the respective users have given their consent. An exception applies in those cases where it is not actually possible to obtain prior consent and where data processing is permitted by law.

  1. Legal basis for processing personal data

The data you transfer or collect shall only be collected, used, processed, stored and if necessary forwarded to third parties – where this is legally prescribed, contractually necessary or permitted within the framework of current legislation – within the framework of current data protection legislation (GDPR, the German Federal Data Protection Act and the German Broadcast Media Act).

Art. 6 of the GDPR is the respective legal basis for processing your personal data to which this data privacy statement refers:

Insofar as we obtain the data subject’s consent to process their personal data, Art. 6, Para. 1, lit. a of the EU General Data Protection Regulation (GDPR) shall apply as the legal basis for processing personal data.

Where it is necessary to process personal data for the purposes of fulfilling a contract and the data subject is the contracting party, Art. 6, Para. 1, lit. b of the GDPR shall apply as the legal basis. This shall also apply to processing which is required to carry out pre-contractual measures.

Where processing of personal data is necessary for our company to fulfil a legal obligation, Art. 6, Para. 1, lit. c of the GDPR shall apply as the legal basis.

Where processing of personal data is necessary for protecting the vital interests of the data subject, or those of another natural person, Art. 6, Para. 1, lit. d of the GDPR shall apply as the legal basis.

Where processing is necessary to protect our company’s or a third party’s legitimate interests, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6, Para. 1, lit. f of the GDPR shall apply as the legal basis for processing.

  1. Erasure of data and duration of storage

The data subject’s personal data shall be erased or blocked as soon as the purpose for which it has been stored has been fulfilled. Data may be stored beyond this period if this is specified in European or national legislation from European Union Regulations, laws or other provisions to which the controller is subject. Data shall also be blocked or erased if a storage period specified in the above standards expires, unless conclusion or fulfilment of a contract requires the data to be stored for longer.

 

  1. Providing the website and creating log files

The extent and manner of collection and use of your data differs, depending on whether you visit our website only to download information or whether you are making use of our offer – static links (VI):

  1. Description and extent of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:

  1. Information on the browser type and version used
  2. The user’s operating system
  3. The user’s IP address
  4. Date and time of access
  5. Websites from which the user’s system reaches our website
  6. Websites the user’s system accesses from our website

The data is also stored in our system’s log files. This data is not stored together with any of the user’s other personal data.

  1. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6, Par. 1, lit. f of the GDPR.

  1. Purpose of data processing

The system needs to store the IP address temporarily in order to provide the website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.

Storage in log files is carried out to guarantee the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. No data is evaluated for marketing purposes in this context.

The above purposes also constitute our legitimate interest in data processing under Art. 6, Para. 1, lit. f of the GDPR.

  1. Duration of storage

The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected in order to provide the website, this is the case when the respective session is ended.

When data is stored in log files, this is the case after 7 days at the latest. Extended storage is possible. In this case, users’ IP addresses are erased or modified so that they can no longer be allocated to the accessing user.

  1. Option to object and remove

It is absolutely essential to collect data in order to provide the website; it is necessary to store data in log files in order to operate the website. As a result, the user has no option to object.

 

  1. Use of cookies

Our website uses cookies. Cookies are text files which are stored in the user’s Internet browser or on the user’s computer system by the Internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string which enables unique identification of the browser the next time the website is called up.

  1. Description and extent of data processing

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also be identifiable after a page change.

When our website is accessed, an information banner informs users about the use of cookies, refers them to this data privacy statement and obtains their consent to processing their personal data used in this respect.

  1. Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6, Par. 1, lit. f of the GDPR. The legal basis for processing personal data using cookies, provided that the user has given their consent to this effect, is Art. 6, Para. 1, lit. a of the GDPR.

  1. Purpose of data processing

Technically necessary cookies are employed to make it easier for users to use websites. Some functions of our website cannot be offered without the use of cookies. To this end, the browser must be recognised even after a page change

The user data collected by technically necessary cookies is not used to create user profiles. In these purposes we also have a legitimate interest in processing personal data in accordance with Art. 6, Para. 1, lit. f of the GDPR.

  1. Duration of storage and option to object and remove

Cookies are stored on the user’s computer, which transfers them to our page. As user, therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. You can delete cookies that have already been stored at any time. This can be done automatically. If cookies are deactivated for our website, it may not be possible to use all of the website’s functions in full.

 

  1. Static links to Facebook, Instagram, Twitter and LinkedIn

Our website makes use of static links to the social networks Facebook and Instagram, the microblogging service Twitter as well as a social platform LinkedIn. These services are offered by the companies Facebook Inc., Twitter Inc. and LinkedIn Corp. (“service providers”). Please inform yourself about the data privacy regulations of the various platforms.

 

VII. Rights of the data subject

If your personal data is processed then you are the data subject in the spirit of the GDPR and you have the following rights vis-a-vis the data controller:

  1. Right of access

You can request confirmation from the controller as to whether we are processing personal data concerning you.

  1. Right to erasure

  2. a) Obligation to erase

You can make a request to the controller that the personal data concerning you be erased without undue delay and the controller shall be obliged to erase this data without undue delay where one of the following grounds applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which processing is based in accordance with Art. 6, Para. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR and there are no other legal grounds for processing.
  3. You object to processing pursuant to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing or you object to processing pursuant to Art. 21, Para. 2 of the GDPR.
  4. The personal data concerning you was processed unlawfully.
  5. The personal data concerning you must be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
  6. The personal data concerning you was collected in relation to the offer of information society services referred to in Art. 8, Para. 1 of the GDPR.
  1. b) Exceptions

The right to erasure shall not apply where processing is necessary:

  1. For exercising the right of freedom of expression and information;
  2. For compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 Par. 2 as well as Art. 9 Par. 3 of the GDPR;
  4.  For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in acordance with Art. 89 Par. 1 of the GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. For the establishment, exercise or defence of legal claims.

  1. Right to notification

If you have asserted your right to rectification, erasure or restriction of processing from the controller, the controller shall be obliged to inform all the recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You are entitled to receive information about these recipients from the controller.

  1. Right to data portability

You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format.

In exercising this right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercising of this right.

  1. Right to object

You shall have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1, lit. e or f of the GDPR; this shall also apply to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you shall have the right at any time to object to processing of the personal data concerning you for the purposes of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you can exercise your right to object by automated means using technical specifications.

  1. Right to withdraw your declaration of consent under data privacy legislation

You have the right to withdraw your declaration of consent under data privacy legislation at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

VIII. Right of amendment

We reserve the right to amend this data privacy statement in order to adapt it to current regulations; the same applies to the offerings on our website.