Data protection declaration

Table of contents

• Introduction and overview
• Scope of application
• Legal basis
• Contact details of the responsible person
• Storage period
• Rights according to the General Data Protection Regulation
• Communication
• Web hosting
• Cookies
• Registration and login

Introduction and overview

We have written this privacy statement (version 25.05.2021-311283426) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors (e.g. providers) commissioned by us - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we inform you comprehensively about data we process about you.

Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not yet know. If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the existing links and to look at further information on third party sites. Our contact details can of course also be found in the imprint.

Scope of application

This data protection declaration applies to all personal data processed by us in the association and to all personal data that companies commissioned by us (order processors). By personal data, we mean information such as a person's name, e-mail address and postal address. The processing of personal data ensures that we can provide our services, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites) that we operate
• social media presences and e-mail communication
• mobile apps for smartphones and other devices

In short, the data protection declaration applies to all areas in which personal data is processed in a structured manner within the company.

Legal basis

In the following privacy statement, we provide you with transparent information about the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data. As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1) lit. a DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
2. Contract (Article 6(1)(b) DSGVO): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

Further conditions such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible person

If you have any questions regarding data protection, you will find the contact details of the responsible person or office below.

Schule machen ohne Gewalt (SMOG) e.V.
Schlossbergweg 4
36286 Neuenstein

Authorized representative: Erwin Maisch
e-mail: kontakt@smogline.de
Phone: +49 6677-918211
Imprint: https://www.coolandsafe.eu/en/imprint_4286.html

Storage period

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies is a general criterion with us. If it is required by law, for example in the case of accounting, this storage period may also be exceeded. This means that we delete personal data as soon as the reason for data processing no longer exists. Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided that we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:

• According to Article 15 of the GDPR, you have the right to know whether we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
  • for what purpose we are processing it;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
• You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
• You have the right to erasure ("right to be forgotten") according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
• According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• You have a right to object according to Article 21 GDPR, which entails a change in processing after enforcement.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used to carry out profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Germany, this is the ). Federal Commissioner for Data Protection and Freedom of Information (BfDI (BfDI).

In short: You have rights - do not hesitate to contact the responsible body listed above with us!

Communication

Communication summary

Affected parties: Anyone who communicates with us by phone, e-mail or online form.

Processed data: e.g. phone number, name, e-mail address, form data entered.

More details can be found in the respective contact type used.

Purpose: handling communication with customers, business partners, etc.

Storage period: Duration of the business case and legal requirements.

Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
When you contact us and communicate by phone, e-mail or online form, personal data may be processed.

As a rule, the data is stored for the duration of the business transaction or as long as required by law. The data is processed for the execution of our business activities.

Phone

When you call us, the call data is stored pseudonymously on the respective terminal device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to inquiries. The data is deleted as soon as the business case has been terminated and legal requirements permit.

E-Mail

When you communicate with us by e-mail, data is stored on the respective end device (computer, laptop, smartphone .....) and data is stored on the e-mail server. The data is deleted as soon as the business case has been terminated and legal requirements permit.

Online Forms

When you communicate with us via online form, data is stored on our web server. The data is deleted as soon as the business case has been terminated and legal requirements permit.

Legal Basis

The processing ft he data is based on the following legal bases:

• Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to use it for purposes related to the business case;
• Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
• Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to operate customer inquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programs, exchange servers and mobile network operators are necessary in order to be able to operate the communication efficiently.

Web hosting

Web hosting summary
Concerned parties: visitors of the website

Purpose: professional hosting of the website and securing its operation.

Processed data: IP address, time of website visit, browser used and other data. More details can be found below or at the respective web hosting provider used.

Storage period: depending on the provider, but usually 2 weeks

Legal basis: Art. 6 para. 1 lit.f DSGVO (Legitimate Interests)

What is webhosting

When you visit websites nowadays, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By the way, by website we mean the entirety of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, beispiel.de or musterbeispiel.com.

When you want to view a website on a screen, you use a program called a web browser to do it. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and costly task, which is why this is usually done by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

For illustration:

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and safeguarding of the operation
2. For reasons of operational security and to create access statistics.

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete Internet address (URL) of the accessed website (e.g. www.coolandsafe.eu)
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
• the host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful conduct.

In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your information without consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to be able to present the company on the Internet in a secure and user-friendly manner.

Cookies

Cookies summary
Affected parties: visitors to the website

Purpose: depending on the cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

Data processed: Depending on the cookie used in each case. You can find more details below or from the manufacturer of the software that sets the cookie.

Storage duration: depending on the cookie, can vary from hours to years
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to cookies, our site knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.

For example, cookie data may look like this:
Name: _ga
Wert: GA1.2.1326744211.152311283426-9
Purpose: to distinguish website visitors
Expiration date: after 2 years
A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential cookies

These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and later goes to the checkout. Through these cookies, the shopping cart is not deleted even if the user closes his browser window.

Purpose cookies

These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

Targeted cookies

These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies

These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Cookies storage duration

The storage period depends on the particular cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

Right to object - how can I delete cookies?

How and whether you want to use cookies, you decide. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies, but allow all other cookies.

If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari.

Firefox: Delete cookies to remove data that websites have placed on your computer.

Internet Explorer: delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal basis

The so-called "Cookie Guidelines" have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 (1) a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG).

For absolutely necessary cookies, where there is no consent, there are legitimate interests (Article 6 para. 1 lit. f DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and cookies are often absolutely necessary for this.

In the following sections, you will be informed in more detail about the use of cookies, if used software uses cookies.

Registration and login

Our website offers the possibility to register by providing a nickname, password, day and month of birth and a security question.
The registration takes place without the processing of personal data and is therefore completely anonymous. Also a linkage of the Login data with the IP address does not take place.
Der Login wird genutzt um den einzelnen Benutzerfortschritt im interaktiven The login is used to save the individual user progress in the interactive "Cool and Safe" module.
For the implementation of the login, a technically necessary cookie is set until the end of the respective browser session.

Source: Created with the privacy generator from AdSimple