We, the International Baptist Church Berlin located in Berlin, Germany, thank you for visiting our website. It is very important to us as an organization that we handle your data securely. The International Baptist Church Berlin is part of the International Baptist Convention and the Bund Evangelisch-Freikirchlicher Gemeinden (hereafter BEFG or Bund) in Deutschland K.d.ö.R. (http://www.baptisten.de) and therefore is not subject to the EU’s GDPR but instead falls under the Bund Evangelisch-Freikirchlicher Gemeinden in Deutschland K.d.ö.R’s Data Protection Regulation (DSO-BUND: http://www.baptisten.de/dso).
Therefore, we wish to provide you with detailed information about the data controller and how your data is used during a visit to our website.
- Terms Used
Personal data: all information pertaining to an identified or identifiable natural person (hereafter referred to as “data subject”); this means someone who can be identified directly or indirectly, especially by means of an allocated identifier such as a name, code, location data, online code or one or more specific attributes which define the physical, physiological, genetic, psychological, economic, cultural or social identity of this person.
Sensitive data: personal data relating to a natural person’s racial or ethnic origin, political opinions, religious or ideological beliefs, trade union membership, health, sexual life or orientation, or genetic or biometric data for clear identification of a natural person.
Processing: all processes, manual or automated, or set of processes which are performed upon personal data such as obtaining, recording, organizing, storing, adapting or changing, selecting, retrieving, using, disclosing, transferring, distributing, checking, combining, restricting, deleting or destroying.
Recipient: a natural or legal person, authority, body or any other entity to whom data is disclosed, whether a third party or not.
Third country: a country which is not a member of the European Union.
Bund entity: a church which is a member of the Bund Evangelisch-Freikirchlicher Gemeinden, K. d. ö. R., a regional association, the Arbeitsgemeinschaft der Brüdergemeinden, a branch, an organization or body of the Bund.
Data controller: A Bund entity which determines either solely or together with others the purposes and means of the processing of personal data.
Outsourced processor: a natural or legal person, or a Bund entity if the data controller belongs to another legal person, which processes personal data on behalf of the data controller.
Third party: a natural or legal person, authority, independent church or body other than the data subject, the data controller, the data processor or anyone else directly authorized by the data controller or the data processor to process data.
Anonymization: is the processing of personal data in such a way that the personal data may no longer be attributed to a specific data subject or may only be attributed with a considerable amount of time, cost and effort.
Pseudonymization: the processing of personal data in a such a way that the personal data may no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is stored separately and subject to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
File System: any structured collection of personal data accessible by specific criteria, irrespective of whether that data collection is centralized, decentralized, or organized on a functional or geographical basis.
Supervisory Board or Data Protection Council: an independent body of the Bund which monitors compliance with data protection regulations.
Bund’s Data Protection Officer: The Data Protection Officer appointed by the Bund’s Executive Board.
Restriction of Processing: the identification of stored personal data to restrict its processing in the future.
Consent: the informed, unambiguous and freely given permission from the data subject for a specific circumstance as an expression of intent in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that they are in agreement with the processing of their personal data.
- Data Controller The data controller for the Data Protection Regulation (DSO-BUND) is:
International Baptist Church Berlin
The International Baptist Church Berlin is represented by Mathias Lehmann, Trustee.
If you have any general questions or suggestions for us on the subject of data protection, you may contact us any time by phone at +49 30 6027 2548 or by e-mail at firstname.lastname@example.org.
- Data Collection
The International Baptist Church Berlin’s website collects a series of general data and information with each visit to the website by a data subject or an automated system. This general data and information are stored in the server’s log files. The types of data which may be collected include:
a) browser types and versions used,
b) the operating system used by the accessing system,
c) the website from which an accessing system reaches our website (so-called referrer),
d) the sub-webpages which can be navigated to on our website via an accessing system,
e) the date and time of access to the website,
f) an internet protocol address (IP address),
g) the accessing system’s internet service provider, and
h) other similar data and information which are used for protection in the event of cyberattacks on our information technology systems.
In using this general data and information, the International Baptist Church Berlin does not have any information about the data subject. Rather, this information is needed:
a) to deliver the contents of our website correctly,
b) to optimize the content of our website as well as the advertising for it,
c) to ensure the ongoing functioning of our information technology systems and the technology used for our website, as well as
d) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack.
This anonymously collected data and information is statistically evaluated by International Baptist Church Berlin and is also used with the aim of increasing the privacy and data security in our organization and ultimately to ensure an optimal level of protection for the personal data which we process. The anonymous data from the server log files is stored separately from all personal data provided by the data subject.
- Legal or contractual requirements for providing personal data; possible consequences of not providing personal data
In some cases, the provision of personal data is required by law (such as tax requirements) or may be needed for contractual arrangements (such as details of the contractor). Sometimes the conclusion of a contract may require that a data subject provides personal data which then has to be processed by us. For example, the data subject is required to provide us with personal data when our organization enters into a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact the data processor in our organization. He/she will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or is a contractual requirement or is necessary for the conclusion of a contract. He/she will also inform the data subject if there is an obligation to provide the personal data and what the consequence(s) of failure to do so would be.
- Which Data is Collected and Stored?
When visiting our website, it is not necessary to provide personal data. Personal data is specific information about the personal and factual circumstances of an identified or identifiable person (see Section 3 Paragraph 1 DSO-BUND), that is, data that allows conclusions to be drawn about a person. This data is only collected or stored by us if you voluntarily provide us with the data, for example when contacting us via a contact form.
Voluntarily provided personal data is collected, stored and processed solely for the purpose of establishing contact. Your data is not transferred to third parties. When using your data, close attention is paid to compliance with the data protection regulations of the DSO-BUND.
You do still have the option to prevent the storage of cookies on your own computer by changing the appropriate settings in your browser programmed. However, this may lead to limited functionality of our website.
- Use of Google Analytics for Website Analysis
We use Google Analytics, a web analysis service of Google Inc. (“Google”), on our website. Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website.
The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on a server in the USA. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services related to website activity and internet usage.
Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will never connect your IP address with other Google data. You can prevent the installation of cookies by adjusting your browser software settings accordingly; however, please be aware that by doing this, you may not have full use of all functions of this website. By using this website, you are giving your consent to Google processing your data in the manner and for the purposes set out above.
You may object to the future collection and storage of your data at any time. We would like to point out that in view of the discussion about the use of analysis tools with complete IP addresses, we only process shortened IP addresses on this website because we use Google Analytics in order to exclude direct personal referencing.
You may prevent the collection of the data (including your IP address) generated by the cookie and related to your use of the website from Google as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: https://www.radtke-partner.de/gaoptout
You may prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available in the following link: https://www.radtke-partner.de/gaoptout (select English in top right hand corner where it says ‘Deutsch’).
- Use of Google Maps
Some of our pages contain maps (Google Maps) from Google Inc. When you visit a page on our website with Google Maps, no personal data, with the exception of the IP address, is transmitted. The IP address is transmitted to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). By using this website, you are consenting to the recording, processing and use of your data, either automatically collected or entered by you, by Google, one of its agents, or third parties.
- Social Media
In addition to this website, we also maintain social media presence on various platforms. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that in addition to the storage of the data you have actually entered in social media, other information may also be collected, processed or used by the provider of the social network.
Furthermore, the social network provider may collect, process and use the most important data from the computer system you are using to access the network – for example, your IP address, the processor type, the browser version and plug-ins used.
If you are logged in to your personal account on a social media network while you are visiting our presence, that network may assign the visit to your account. If you prefer that this does not happen, then you have to log out of your account before visiting our presence.
For the purpose and extent of data collection by the respective social network, the further processing and use of your data as well as your relevant rights, please refer to the respective terms and conditions of the respective network:
YouTube/Google+ (https://www.radtke-partner.de/gdatenschutz and scroll to the bottom of page and click on Deutsch on right hand side to change to English)
- Social Media Plugins
Our website contains applications (“Social Plug-ins”) from the social network Facebook. These are operated exclusively by Facebook Inc., based in Europe: Facebook Ireland Ltd, Hanover Reach, 5-7 Hanover Quay 2 Dublin IRELAND, and are marked on our site by the Facebook logo and / or the “Like” icon. Your browser does not create a direct connection to the Facebook server when you visit our website, nor does it provide Facebook with any information. Information is only transmitted directly to Facebook and stored there when the Facebook button is clicked. If you are logged into Facebook via your personal user account during your visit to our website, Facebook may assign the website visit to your account. If you want to prevent such data transmission, please log out of your Facebook account before visiting our website. The provider currently has no influence on the type and extent of data collected by Facebook, the information provided here is based on the current information available. It is possible that Facebook can obtain and store your IP address, even you do not use Facebook. According to Facebook, it only stores anonymized IP addresses in Germany.
If you have any questions about the collection, processing or other use of your personal data by Facebook, please contact the Data Protection Officer Facebook Ireland https://www.radtke-partner.de/fbdatenschutzbeauftragter.
Our website may contain links to the websites of other providers. Since we have no influence on these websites, the user is advised to inquire about privacy information that may be provided there. We assume no responsibility for the contents of the linked pages.
Visitors to the International Baptist Church Berlin’s website have the opportunity to subscribe to our organization’s newsletter. The personal data transmitted to the data processor can be found in the subscription form used for this purpose.
The International Baptist Church Berlin regularly sends newsletters to inform its friends and members about the organization’s events and services provided. The data subject may only receive the newsletter if:
- they have a valid email address, and
- they register to receive the newsletter.
For legal reasons, a confirmation e-mail will be sent to the e-mail address the first time it is entered by a data subject for the newsletter subscription, using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address is the data subject who authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration as assigned by the Internet Service Provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to trace (potential) misuse of a data subject’s e-mail address at a later date and therefore serves as a legal safeguard for the data processor.
The personal data collected when subscribing to the newsletter will be used exclusively to send our newsletter. Furthermore, subscribers to the newsletter may be notified by e-mail if it is necessary for the operation of the newsletter service or to update their subscription in the event of changes to the newsletter offer or technical changes. No personal data collected as part of the newsletter service is distributed to third parties, with the exception of a cloud-based service for newsletter management. Subscription to our newsletter may be terminated by the data subject at any time. The consent given to store the personal data provided for the newsletter subscription may be revoked at any time. It is also possible to unsubscribe from the newsletter at any time in the link provided in every newsletter.
- Newsletter Tracking
International Baptist Church Berlin’s newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel, International Baptist Church Berlin can see if and when an e-mail was opened by a data subject and which links in the e-mail were opened by the data subject.
Personal data collected via the tracking pixels in newsletters will be stored and evaluated by the data processor in order to optimize the delivery of the newsletter and to better adapt the content of future newsletters to the interests of the data subjects. This personal data will not be disclosed to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent made via the double-opt-in procedure. After revocation, this personal data will be deleted by the data processor. Unsubscribing to the newsletter automatically indicates revocation to the International Baptist Church Berlin.
- Online Event Registration and Surveys
Visitors to the International Baptist Church Berlin’s website have the opportunity to register for events and provide feedback through online surveys. The personal data transmitted to the data processor can be found in the forms used for these purposes. A confirmation e-mail containing this information will be sent to the e-mail address provided in the form.
When registering for an event or completing an online survey, we also store the IP address of the computer system used by the data subject at that time as assigned by the Internet Service Provider (ISP), as well as the date and time. The collection of this data is necessary in order to trace (potential) misuse of a data subject’s e-mail address at a later date and therefore serves as a legal safeguard for the data processor.
The personal data collected when registering for an event or completing an online survey will be used exclusively for those purposes. Furthermore, participants may be notified by e-mail with any information relevant to the event or survey. No personal data collected as part of event registration and online surveys is distributed to third parties, except in the case of events where data may be provided to those parties involved in providing services for the event (e.g. hotels). The consent given to store the personal data provided in the registration or survey may be revoked at any time.
- Embedded Videos from External Websites
Some of our pages have embedded content from YouTube or Instagram. Viewing any of these pages does not result in personal data being transmitted to the service provider, with the exception of the IP address. In the case of YouTube, the IP address will be transferred to Google Inc., 600 Amphitheater Parkway, Mountain View, CA 94043, USA and, in the case of Instagram, to Instagram Inc., 181 South Park Street Suite 2 San Francisco, California 94107, USA.
- Data Security
We secure our website and other systems by using technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Despite regular checks, complete protection against all risks is not possible.
The website uses industry standard SSL (Secure Sockets Layer) encryption. This ensures the confidentiality of your personal information on the Internet.
- Updating/Deletion of your Personal Data
You may at any time ask to review, change or delete any of the personal data provided to us by sending an e-mail to: email@example.com.
Likewise, you have the right to withdraw your consent at any time effective going forward. The deletion of stored personal data occurs when you revoke your consent to storage. The data processor processes and stores the data subject’s personal data only for the length of time deemed necessary to fulfill its purpose or as determined by any European directives or regulations or by any other legislative laws or regulations which the data processor is subject to.
If there is no longer a valid purpose for data storage or the storage time period required by European directives and regulations or any other legislative laws expires, the personal data will be routinely blocked or deleted according to statutory regulations.
- Rights of the Data Subject
Each data subject has the right to ask the data processor for confirmation of the processing of their personal data. If a data subject wishes to make use of this confirmation right, they may contact our data processor at any time.
Any data subject whose personal data is being processed has the right at any time to obtain any information about their personal data from the data processor as well as a copy of that information free of charge. Furthermore, there is a right to information about the following data (Section 11 DSO-BUND):
- the processing purposes;
- the categories of personal data;
- the recipients to whom the personal data has been disclosed;
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
- the right of rectification or erasure of their personal data, or the limits of processing by the data controller or the right to object to such processing;
- the existence of a right of appeal to the Data Protection Council;
- Information about the origin of the data.
If the data subject wishes to exercise this right to information, they may contact our data processor at any time.
Every data subject affected by the processing of personal data has the right to demand the immediate rectification of incorrect personal data concerning them (Section 12 DSO-BUND). Furthermore, the data subject has the right, depending on the purposes of the processing, to request the completion of incomplete personal data – also by means of a complementary declaration (Section 12 Paragraph DSO-BUND).
If the data subject wishes to exercise this right of rectification, they may contact our data processor involved in processing the data at any time.
Any data subject affected by the processing of personal data also has the right to request that the controller deletes the personal data concerning them immediately, as long as the following reasons are applicable and that processing is not necessary:
- The personal data has been collected or processed for such purposes that are no longer necessary.
- The data subject revokes their consent (Section 6 Paragraph 3 DSO-BUND) which the processing according to Section 6 Paragraph 1 DSO Bund or Section 8 Paragraph 2 a) DSO-BUND is based on, and there is no other legal basis for the processing.
- The data subject objects to the processing according to Section 16 Paragraph 1 DSO-Bund and there are no prior justifiable grounds for processing.
- The personal data was unlawfully processed.
- The erasure of personal data is required to fulfill a legal obligation under church law, EU law or the law of the EU member state to which the data controller is subject.
Insofar as one of the above-mentioned points applies and a data subject wishes to request the erasure of personal data held by International Baptist Church Berlin, the data subject may contact our data processor at any time. The request for data erasure will be fulfilled immediately.
If the International Baptist Church Berlin made the personal data public and if they are responsible in accordance with Section 13 Paragraph 1 DSO-BUND for erasing personal data, the International Baptist Church Berlin will take appropriate measures, including those of a technical nature, depending on the technology available and the implementation costs, to inform other data processors who processed the published personal data about the request for erasure of all links to this personal data or copies or replications, insofar as the processing is not necessary. The International Baptist Church Berlin’s data processor will arrange for what is necessary to be done in each case.
Each data subject has the right according Section 14 DSO-BUND to request the data processor to restrict processing if any of the following conditions apply:
- The accuracy of the personal data is contested by the data subject; restricted processing is necessary for a period of time that allows the data processor to verify the accuracy of the personal data.
- The data has been unlawfully processed; the data subject refuses the erasure of personal data and instead requests the restriction of the use of personal data.
- The data processor no longer needs the personal data for processing purposes, but the data subject requires them in order to establish, exercise or defend their legal rights.
- The data subject has objected to the processing according Section 16 Paragraph 1 DSO-BUND; it is not yet clear whether the data processor’s legitimate grounds for processing override those of the data subject.
If one of the above conditions is met and the data subject wishes to request the restriction of personal data stored by the International Baptist Church Berlin, they may at any time contact our data processor. The necessary steps will then be taken to restrict the processing.
Any data subject has the right to receive in a structured, conventional and machine-readable format personal data relating to them which they have provided to the data processor. They also have the right to have this data transferred to another data processor without hindrance by the data processor to whom it was initially given. The following conditions apply to this right:
- that the processing is carried out on the basis of consent pursuant to Section 5 Paragraph 2 b) DSO-BUND or Section 8
- Paragraph 2 DSO-BUND or a legal obligation resulting from a contract according to Section 5 Paragraph 2 d) DSO-BUND;
- that the processing is by an automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority which has been delegated to the data controller.
Any data subject has the right, at any time and for reasons arising out of their particular circumstances, to object to the processing of their personal data, pursuant to Section 5 Paragraph 2 e), f) or g) DSO-BUND. This also applies to profiling based on these conditions.
In the case of an objection, the International Baptist Church Berlin will stop processing personal data unless we may demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or which serve to process, assert, exercise or defend legal claims.
If International Baptist Church Berlin processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, if it is associated with this direct advertising. If the data subject objects to the International Baptist Church Berlin processing for direct marketing purposes, the International Baptist Church Berlin will no longer process the personal data for these purposes.
Furthermore, the data subject has the right, for reasons that arise from their particular circumstances, to object to the processing of their personal data used by the International Baptist Church Berlin for scientific or historical research purposes or for statistical purposes, according to Section 13 Paragraph 3 No. 4 DSO-BUND, unless such processing is necessary to fulfill a public interest task.
In order to exercise the right to object, the data subject may contact the International Baptist Church Berlin’s data processor directly.
Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or in a similar manner significantly affects them, as long as the decision:
- is not required for the signing or fulfillment of a contract between the data subject and the data controller, or
- is permitted by the legislation of the Bund Evangelisch-Freikirchlicher Gemeinden in Deutschland K.d.ö.R., the European Union or the EU member states to which the data controller is subject, and that this legislation takes appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or
- with the express consent of the data subject.
If the decision
a) is necessary for the signing or fulfillment of a contract between the data subject and the data controller, or
b) is with the explicit consent of the data subject,
the International Baptist Church Berlin will take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data controller, to present their own position and to contest the decision.
If the data subject wishes to enforce their rights relating to automated decision-making, they may contact our data processor at any time.
Any data subject has the right to withdraw consent to the processing of personal data at any time. If the data subject wishes to assert their right to withdraw consent, they may contact our data processor at any time.
- Legal Basis for Processing
Section 5 Paragraph 2 DSO-BUND serves as a legal basis for processing operations where we obtain consent for a particular processing purpose. Processing will be based on Section 5 Paragraph 2 d) DSO-Bund if the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or service in return. The same applies to processing operations that are necessary to carry out pre-contractual measures. If we are subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the processing is also based on Section 5 Paragraph 2 d) DSO-BUND. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be according to Section 5 Paragraph 2 e) DSO-BUND. Ultimately, processing operations could be based on Section 5 Paragraph 2 f) to h) DSO-BUND.
On this legal basis, processing operations that are not covered by any of the above legal bases are required if the processing is necessary to safeguard the legitimate interest of our organization or a third party, unless the interests, fundamental rights and freedoms of the data subject prevail. The same applies to processing which is necessary for the performance of a task which is in the interest of the Bund or which serves journalistic editorial purposes of the Bund. Ultimately, the processing of personal data is admissible if a legal provision of the Bund or a priority state law permits or orders it, § 5 (2) a) DSO-BUND.
- Notice of Changes
Changes to the law or changes to our internal processes may necessitate a revision of this data protection policy. Should this be the case, we will notify you of this no later than six weeks prior to it coming into effect. You are generally entitled (No. 20) to revoke your consent. Please note that (unless you make use of your right of withdrawal) the current version of the data protection policy is the valid one.
- Your Contact Person
If you have any questions regarding the collection, processing or use of your personal data or if you need information, rectification, erasure or blocking of your data or the revocation of consent granted or you have an objection to a particular use of the data, please contact our data processor directly:
E-mail: firstname.lastname@example.org, Phone: +49 30 6027 2548.