PRIVACY POLICY

1. Data protection – at a glance

General information

We are grateful for your interest in our website and our work. The following Privacy Policy sets out how Just Access e.V. (hereinafter referred to as “Just Access” or “we” or “us”) shall use and protect your personal data when you visit our website (https://just-access.de). Personal data is data through which you (“user”) can be identified individually. Processing your personal data is entirely in compliance with the framework of the data protection laws of the European Union, i.e., the EU General Data Protection Regulation (hereinafter “GDPR”). Please note that the provisions of the Privacy Policy elaborated herein below are applicable only to the use and access of our website under the domain “just-access.de” and shall not extend to any other third-party websites linked to from our website. The definition and interpretation of terms such as “Personal data” or “processing” correspond to their definitions in Art. 4 GDPR. Just Access is strongly committed to protecting your privacy and personal data and shall adopt all necessary and reasonable measures to protect the confidentiality of your information each time you choose to use or access our website.

Data collection on our website

Who is responsible for the data collection on this website? The website of Just Access e. V. (just-access.de) represented by Dr. Tom Sparks, collects the data. You can access further contact details at “Information on the responsible office”, as well as in the Legal Disclaimer of this website.

How do we collect your data?

We collect data which you share with us, e.g. by sending us an E-Mail which encloses your data, contributing to a fundraiser, or making a donation. Other data is collected automatically through our IT-systems once you visit our website. These are especially technical data (e.g. internet browser, software, access times). The data is collected automatically, once you visit our website.

For what do we use your data?

Data is collected in order to ensure the correct functioning of the website. An analysis of your behaviour as a user proceeds only in an anonymised manner. If you contact us, we will use the data you provide us to respond to your request. More specifically, if you send a request through the “contact us” form we will be able to use your name, email, IP address and your used software in order to respond to your request. We will treat that data according to your rights as they are described in this privacy policy. If you have made a donation or contributed to a fundraiser, we will use your information you provide for the proper processing of your donation.  This may involve sharing your information (securely) with our payment partners, such as Wikando GmbH and Stripe, in order to process your payment and to manage any recurring donations.  Our partners are carefully selected in order to ensure that they handle personal data responsibly and in compliance with the GDPR (General Data Protection Regulation), and data transfers take place under appropriate data processing agreements. Please note that we never sell or share your data with any third party, unless you explicitly give us permission to do so. In addition, we may store your personal information, including your email address, address, and personal details, together with any further information you have shared with us, in order to keep in contact with you.  In order to securely store and process your data, and to manage communications with you, we may securely transfer your data to third parties, such as a CRM Provider and email service provider.  Our partners are carefully selected in order to ensure that they handle personal data responsibly and in compliance with the GDPR (General Data Protection Regulation), and data transfers take place under appropriate data processing agreements.  Your rights under EU and other applicable law are not affected.

Which rights do you have regarding your data?

All of your rights are listed in Chapter III of the GDPR and can be exercised at any time. You have the right to obtain information regarding the origin, receipt and purpose of your personal data free of charge. Furthermore, you have the right to demand that your information shall be corrected, blocked or deleted. You can contact us at any time regarding this and other questions on data protection. Please use the contact details given under the section “Information on the responsible office”, as well as in the legal disclaimer of this website. Besides that, you have the right to lodge complaints with the German supervisory authority. Additionally, you have the right, under certain circumstances, to the restriction of the processing of your personal data. You can find details regarding this under the section “Right to restriction of processing”.  

2. General information and mandatory information

Data protection

We take the protection of your personal data seriously. We treat your personal data confidentially and in line with the data protection regulations as well as with this privacy statement. Personal data will be processed once you use this website. Personal data is data through which you can be identified individually. This privacy statement explains which data we are processing and how we are using it. We inform you that data transmission on the internet, including but not limited to encrypted communication, can be subject to security gaps. Therefore, Just Access shall adopt all necessary and reasonable means to ensure that all of your data is protected and that you have an optimal experience while visiting and using the Website.

Information on the controller and processor of your personal data

The controller is the natural or legal person which decides, alone or jointly, on the purpose and means of personal data processing (e.g. names, E-Mail addresses, or similar). A data processer is a legal or a natural person, agency, public authority, or any other body who processes personal data on behalf of a data controller.

The controller for the data processing of this website is:

Just Access e. V. NGO Represented by:  Dr. Tom Sparks Belfortstraße 15, 69115 Heidelberg, Germany E-mail: contact@just-access.de A request can be sent without formality to this email address at any time.  

Just Access uses the following data processors:

Wikando GmbH (operator of FundraisingBox) Schießgrabenstr. 32 86150 Augsburg Germany Commercial register: HRB 23391 Registry court: Augsburg Local Court Represented by the Managing Director: Peter Kral You can find more information on FundraisingBox’s privacy policy here:  https://fundraisingbox.com/en/privacy/   Salesforce, Inc. Salesforce Data Protection Officer (Salesforce Privacy Team) 415 Mission St., 3rd Floor San Francisco, CA 94105 USA privacy@salesforce.com You can find more information on Salesforce’s privacy Policy here:  https://www.salesforce.com/eu/company/privacy/   CleverReach GmbH & Co. KG CRASH Building Schafjueckenweg 2 26180 Rastede Germany Tax ID number: DE230180364 Commercial register: Amtsgericht Oldenburg / HRA 4020 Represented by: CRASH Verwaltungs GmbH | HRB 210079 Oldenburg (Oldb.) You can find more information on Cleverreach’s privacy policy here:  https://www.cleverreach.com/en-de/privacy-policy/   The legal basis for the processing of your personal data including, where applicable, the transfer of data to data processors is Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (performance of a contract), and Article 6(1)(f) GDPR (our legitimate interest in the proper functioning of our website and donation services), as appropriate.  If you give a donation to Just Access, contribute to a Just Access fundraising campaign, and/or sign up to our newsletter, you thereby consent to the processing of your data by Just Access and its processing partners.  

Your Rights

Withdrawing consent to data processing

Often, certain data processing is only possible with your explicit and voluntary consent. You can withdraw your consent at any time. Doing so, an informal message via E-Mail is sufficient. The data processing, which took place before the withdrawal of consent remains lawful.

Right to lodge complaints with a supervisory authority

In cases of violations of the GDPR, Art. 77 GDPR provides that the affected person has the right to lodge complaints with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The right to lodge complaints is without prejudice of any other administrative or judicial remedy. The contact information of the supervisory authority can be found at the following website: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-de

Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive or that a third person shall receive the personal data, which we processed automatically based on you consent or in fulfilment of a contract, in a commonly used and machine-readable format. Provided that you demand the direct transmission of the data to another controller, this will be carried out as far as technically feasible.

SSL/ TLS encryption

Due to security reasons and the protection of the transmission of confidential contents, e.g. orders or requests, which you send to us as operator of our website, our website uses Secure Sockets Layer (SSL), or Transport Layer Security (TLS) encryption. You can identify an encrypted connection through the browser’s address bar, which changes from “http://” to “https://”, and through the lock-symbol in the address bar of the browser. If the SSL or TLS encryption is activated, the data, which you are transmitting to us, cannot be read by third parties.

Information, blocking, deletion, and correction

At all times, you have the right, in line with the applicable legal regulations, to obtain, free of charge, information on your stored personal data, the origin, recipient and purpose of the data processing and, where appropriate, the right to demand the correction, blocking or deletion of the respective data. Regarding this and other questions concerning personal data protection, you can always get in touch with us, using the contact given under the section “Information on the responsible office”, as well as in the imprint of this website.

Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR. Regarding this, you can always get in touch with us, using the contact given under the section “Information on the responsible office”, as well as in the imprint of our website. You have the right to restriction of processing in the following cases:

• If you contest the correctness of the stored personal data, we will need time to examine the same. During this period of time, you have the right to demand the restriction of the processing of your personal data.
• Provided that the data processing was or is unlawful, you have the right to demand the restriction of the data processing instead of demanding the deletion of the data.
• Provided that we do not require your personal data any longer but you need them for the establishment, exercise or defence of legal claims, you have the right to demand the restriction of the data processing instead of demanding the deletion of the data.
• Provided that you use your right to object under Art. 21 par. 1 GDPR, it will be assessed whether your interest overrides ours. Pending the verification of the same, you have the right to demand the restriction of the data processing.

Provided that you restricted the data processing, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Objection to promotional e-mails

We hereby object to the use of the contact details published under our imprint in compliance of our statutory obligation for the purpose of advertisement and informative material to which we have not expressly consented. The operator of this website explicitly reserves the right to take legal actions in the case of transmission of non-solicited advertising material, including but not limited to spam mail.

3. Data collection by us

Cookies

The website uses so-called cookies. Cookies do not cause damage on your computer and do not contain viruses. Cookies serve the purpose of making our website user-friendly, effective and safer. Cookies are small text files which your internet browser files and stores on your computer. There are primarily two types of cookies:

• First party cookies are cookies that are served directly by the website operator to your computer, and are often used to recognise your computer when it revisits that site and to remember your preferences as you browse the site. Basically, these are our cookies.
• Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognise your computer when you visit other websites. Third party cookies are most commonly used for website analytics or advertising purposes, that this websites also uses as it is specified in this privacy policy.

Our website manages essential first-party cookies with the help of a plug-in named Cookie Notice for GDPR & CCPA. While using our website, you are given the option to refuse third-party non-functional cookies or revoke your consent if you choose to accept them at any point. The storage of the data of the functional cookies in both cases, accepted and refused, is set to one month and its deletion is managed by the plug-in. You can set your browser to inform you before setting new cookies and only allow cookies in individual cases, to reject cookies for certain cases or to reject them in general as well as activating the automatic deletion of cookies when closing the browser. Cookies that are necessary for the performance of the electronic communication process are stored on the base of Article 6 para. 1 lit. f GDPR. The operator of this website has legitimate interest in storing cookies to enable the error-free and optimized provision of his services. Just Access does not govern the publication of third-party cookies. Please visit the relevant third parties’ website if you want to understand more about them.

Server log files

The site’s provider collects and saves information in so-called server log files that are transferred automatically to us by your browser. They are:

• Browser type and browser version
• used operating system
• referrer URL
• host name of the accessing computer
• time of server inquiry
• IP address

A combination of this data with other data sources will not take place. The collection of this data is based on Article 6 para. 1 lit. f GDPR. The operator of this website has a legitimate interest in presenting and optimizing his website without technical errors. For this purpose, server log files have to be collected.

Inquiry via e-mail and telephone

If you contact us by e-mail or telephone, your inquiry as well as all resulting personal data (name, inquiry) will be saved and processed for the purpose of your inquiry. We do not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us. The data sent to us by you via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Publications on our website

If you publish contributions on our website, we store and publish your name, your institutional affiliation, as well as information about your professional background. The purpose of this publication is to inform readers, to enable them to contact the author and to clarify the scientific responsibility for the article. The legal basis is Art. 6 para. 1 lit. f GDPR. Our justified interest lies in the presentation of the contents in accordance with the principles of good scientific practice, which also includes the presentation of authorship for scientific contributions.

4. Data collection by third parties

Other than mentioned elsewhere in this Privacy policy, our website may share aggregated user information with its third party partners only to the extent necessary to allow such third party partners to perform the services they offer to users of the Just Access website. Therefore, the data collected by our third party partners will not exceed the amount strictly necessary for the operation of the website.

Google Fonts

Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our site. When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.

Google analytics

Google Analytics is a data processor under GDPR because Google Analytics collects and processes data on behalf of our clients, pursuant to their instructions. Our customers are data controllers who retain full rights over the collection, access, retention, and deletion of their data at any time. Google’s use of data is controlled by the terms of its contract with Google Analytics customers and any settings enabled by customers through the user interface of our product. Google Analytics collects first-party cookies, data related to the device/browser, IP address and on-site/app activities to measure and report statistics about user interactions on the websites and/or apps that use Google Analytics. Customers may customize cookies and the data collected with features like cookie settings, User-ID, Data Import, and Measurement Protocol. Learn more Google Analytics customers who have, for instance, enabled the analytics.js or gtag.js collection method can control whether or not they use cookies to store a pseudonymous or random client identifier. If the customer decides to set a cookie, the information stored in the local first-party cookie is reduced to a random identifier (e.g., 12345.67890). Google uses Google Analytics data to provide the Google Analytics measurement service to customers. Identifiers such as cookies and app instance IDs are used to measure user interactions with a customer’s sites and/or apps, while IP addresses are used to provide and protect the security of the service, and to give the customer a sense of where in the world their users come from. Customers may also choose to use the data collected by Google Analytics for site/app personalization or advertising purposes, including ads personalization. For more information on how Google Analytics treats your data, pleasee visit the google analytics help website. Before using this website, please read about Google’s data protection provisions (www.google.de/intl/de/policies/privacy/). Further information on data processing by Google is available in Google’s privacy policy (www.policies.google.com/privacy?hl=en). On the Google privacy page, you can also change your settings to manage and protect your data .

5. Links to other websites

We link websites of other providers (third parties) that are not affiliated with us. If you click on these links, the provider no longer has any influence on which data is collected and used by these third parties. More detailed information on data collection and data use can be found in the data protection declaration of the respective third party. As the collection and processing of data by third parties is beyond our control, we cannot assume any responsibility for this.

6. Amendment

We reserve our right to update or amend this Privacy Policy at any time, with or without advance notice. Should your consent be required for any particular amendment, we will ask for it. We will also publish the amended version of the Privacy Policy here. If you visit our Website again, please refer to the Privacy Policy again. We’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. If you have any questions about this privacy statement or your dealings with the Just Accesss website, please contact us at contact@just-access.de.  

This data protection statement is based on the model of e-recht24.de and the model data protection statement of the law firm Weiß & Partner.