Data Protection

 

Preamble

Thank you for visiting our website and for your interest in our work. Data protection and data security have a very high priority at the ZIF. The protection of your personal data for the entirety of our transactions is of great importance and a particular concern to us.

 

Name and Address of the Data Controller

The party responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of EU Member States as well as other provisions of data protection law is: 

Berliner Zentrum für Internationale Friedenseinsätze (ZIF) gGmbH
Ludwigkirchplatz 3-4
10719 Berlin
Tel: 030 52 00 56 5 0
Fax: 030 52 00 56 590
Email: zif(at)zif-berlin.org
Internet: www.zif-berlin.org

 

Contact Information for Data Protection Officer

You can reach our ZIF-internal data protection officer at:
datenschutz(at)zif-berlin.org
Berliner Zentrum für Internationale Friedenseinsätze (ZIF) gGmbH
Data Protection Officer
Ludwigkirchplatz 3-4
10719 Berlin 


You can reach our external data protection officer at:
HiSolutions AG
Mr. Rene Mario Meßinger
Schloßstraße 1
12163 Berlin
Telephone: +49 30 533 289-0

 

Information on Data Protection

The information in the data protection statement and the privacy notice apply to the following ZIF websites:

•    www.zif-berlin.org
•    https://tech-blog.zif-berlin.org/
•    www.missionsandmandates.org
•    www.peace-mediation-germany.de/

Exceptions for individual pages are noted in the respective section.
 
To find out about your rights as a data subject, please read: 1) Rights of the Data Subject.
 
If you would like to know what information we gather during your visit to our website and how this information is used, please read: 2) Privacy Statement for the Website. 

Changes to Our Data Protection Provisions

This privacy statement and the privacy notice will be revised when changes are made to this website or as other circumstances arise that require this. The current version can always be found on this website.
  

Data Security

We have taken technical and organisational security measures in the interest of protecting your data. Our employees are obligated to maintain data secrecy. We also use encryption procedures. The information that you provide is transmitted in encrypted form (e.g. SSL). This encrypted state is shown by a padlock symbol in the status bar of your browser and by https:// at the beginning of the address line. Our security measures are continuously being revised in line with the latest technological developments.     
 

Rights of the Data Subject

Where personal data is processed, you are a data subject as understood by the GDPR and you are entitled to the following rights vis-à-vis the data controller. To exercise these rights, you may contact our data protection officer at any time.

 

1.    Right to Information

You can request confirmation from the data controller as to whether your personal data is being processed by us.
 Should this be the case, you may request the following information from the data controller:
 (1)       the purposes for which the personal data is being processed;
 (2)       the categories of personal data being processed;
 (3)       the recipients or categories of recipients to whom your personal data relating has been or will be disclosed;
 (4)       the planned duration of the storage of your personal data or, where it is not possible to provide specific information in this matter, criteria for determining the storage period;
 (5)       the existence of a right to have your personal data rectified or erased, a right to limit the processing by the controller or a right to object to such processing;
 (6)       the existence of a right of appeal to a supervisory authority;
 (7)       all available information on the origin of the data, where the personal data is not collected from the data subject;
 (8)       the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information concerning the logic involved as well as the scope and intended consequences of such processing for the data subject.
  
 You have the right to request information as to whether your personal data is to be transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

 

2.    Right to rectification

You have the right to rectification or completion vis-à-vis the data controller if the personal data processed relating to you is inaccurate or incomplete. The data controller must carry out the rectification without delay.

 

3.    Right to restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:
 (1)       if you dispute the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
 (2)       the processing is unlawful, and you refuse to have the personal data erased and instead request that the use of the personal data be restricted;
 (3)       the controller no longer needs the personal data for the purposes of processing, but you need the data for the assertion, exercise or defense of legal claims, or
 (4)       if you have submitted an objection to the processing in accordance with Art. 21 (1) GDPR and it has not yet been established whether the legitimate grounds of the data controller override your grounds.
  
If the processing of your personal data has been restricted, such data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.
  
If the processing has been restricted pursuant to the above conditions, you will be informed by the controller before the restriction is lifted.

 

4.    Right to erasure

a)      Duty to erasure

You may request that the data controller erase your personal data without delay; the data controller is obliged to erase this data without delay if one of the following reasons applies:

(1)       Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2)       You revoke your consent on which the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR was based and there is no other legal basis for the processing.
(3)       In accordance with Art. 21 (1) GDPR you object to the processing, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
(4)       Your personal data has been processed unlawfully.
(5)       The erasure of your personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States that the controller is subject to.
(6)       Your personal data has been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

 

b)      Information to third parties

Should the controller have made your personal data public and they are obliged to erase the data in accordance with Art. 17 (1) GDPR, they shall, while taking into account the available technology and the implementation costs, carry out appropriate measures, including technical measures, to inform the data controllers who process the personal data that you, as the data subject, have requested them to erase all links to this personal data or copies or replications of thereof.

 

c)      Exceptions

The right to erasure does not apply where the processing is necessary:
  
(1)       for the exercise of freedom of expression and information;
(2)       for the fulfilment of a legal obligation that requires the processing under the law of the European Union or of the Member States that the controller is subject to, or for the performance of a task that serves the public interest or takes place in the exercise of official authority vested in the controller;
(3)       for reasons concerning public interest in the field of public health in accordance with Art. 9 (2) lit. h & i and Art. 9 (3) GDPR;
(4)       for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the law referred to under section a) is likely to make impossible or seriously impair the attainment of the objectives of such processing, or
(5)       for the assertion, exercise, or defense of legal claims.

 

5.    Right to notification

If you have exercised your right to the rectification, erasure or restriction of the processing of your personal data vis-à-vis the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, erasure or restriction, except when this proves impossible or involves a disproportionate effort.
  
You have the right to be notified of such recipients by the data controller.

 

6.    Right to data portability

You have the right to receive your personal data that you have provided to the controller and in a structured, commonly used and machine-readable format. Furthermore, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
  
(1)       the processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract in accordance with Art. 6 (1) lit. b GDPR and
(2)       the processing is carried out by automated means.
  
In exercising this right, you furthermore have the right to insist that the personal data concerning you be transferred directly from one data controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.
The right to data portability does not apply for the processing of personal data necessary for the performance of a task that serves the public interest or takes place in the exercise of official authority vested in the controller.

 

7.    Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 (1) lit. e or f GDPR.
  
The data controller will no longer process your personal data, unless they are able to prove compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves the assertion, exercise, or defense of legal claims.
  
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.
  
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
  
You have the option of exercising your right of objection in connection with the use of information society services – notwithstanding Directive 2002/58/EC – via automated means using technical specifications.

 

8.    Right to withdraw data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of your consent shall not affect the legality of the processing carried out on the basis of your consent prior to revocation.

 

9.    Right to complain to another supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement if you are of the opinion that the processing of your personal data is in breach of the GDPR.
 
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with Article 78 GDPR.
 
The competent supervisory authority in Berlin is the:
 
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219, 10969 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
e-mail: mailbox(at)datenschutz-berlin.de

 

Privacy Statement for the Website

I. Provision of the Website and Creation of Log Files

Our websites collect a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information are stored in the log files of the server.
  
 The following data is collected in the process:
  

  • The user’s IP address
  • Date and time of access

     
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed for:

  • correctly delivering and optimising the content of our website,
  • guaranteeing the long-term operability and security of our information technology systems and our website technology as well as
  • providing law enforcement authorities with the information they need for criminal prosecution in the case of a cyber attack.


This data and information are therefore evaluated both statistically and with the aim of increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by the data subject.
  
We work together with a hosting provider (jimdo.com) for our website. The hosting services enable us to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services that we employ for the purpose of operating this website.

In the process we or our hosting provider (jimdo.com) process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of this online content in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).
  
The data will be erased as soon as it is no longer required to achieve the purpose of its collection. Concerning the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest.

 

II. Use of Cookies

1.    Description and scope of the data processing

Description and scope of the data processing
Our websites use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. This enables a cookie to be stored on a user's computer when the user visits a website. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again in future.
  
You can deactivate cookies in your browser. Should you do so, however, it may be the case that the functionality of our website is no longer available to you in its entirety.
  
We use cookies in order to optimise the content and use of our websites for visitors to our websites and as such make visiting the websites and the respective sub-pages more convenient. The use of cookies serves to make the log-in procedure easier and also to determine the frequency of use and the number of users of our website and to provide you with individual user functions.
The user data collected in this way is pseudonymised via technical precautions. It is therefore no longer possible to assign the data to the user accessing the page. This data is not stored together with other personal data of the users.

 

2.    Legal basis for the data processing

The legal basis for processing personal data involving the use of cookies is Art. 6 (1) lit. f GDPR.

 

3.    Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites cannot be provided without the use of cookies. For these it is necessary for the browser to be recognised again also after a page change.
  
The user data collected by technically necessary cookies is not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used and thereby enable us to continually optimise our content.
  
These purposes also include our legitimate interest in processing personal data in accordance with Art. 6 (1) lit. f GDPR.

 

4.     Duration of storage, option of objection and disposal

Cookies are stored on the computer of the user and transmitted to our site by the latter. As a user you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Previously saved cookies can be deleted at any time. This can also be done using an automatic function. If cookies are deactivated for our websites, it is possible that not all functions of the websites can still be used to their full extent.

 

III. Changes to Our Data Protection Provisions

This privacy statement and the privacy notice will be revised when changes are made to this website or as other circumstances arise that require this. The current version can always be found on this website.