This data policy applies to the SuSanA platform susana.org, as well as to the following sub-domains: The SuSanA Discussion Forum: forum.susana.org, the SFD platform: sfd.susana.org, the Sanitation Workers Knowledge and Learning Hub: sanitationworkers.susana.org, and the SuSanA blog: blog.susana.org. All main functions of the sub-domains are described below and linked to the respective chapter in the data policy:
Data protection is of a particularly high priority for SuSanA. The use of the Internet pages of SuSanA is possible without any indication of personal data; however, if a person wants to use special services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the person.
The processing of personal data, such as the name, e-mail address, organisation or country of a user shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to SuSanA. By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process.
Furthermore, users are informed, by means of this data protection declaration, of the rights to which they are entitled. SuSanA has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed.
1. Definitions
The data protection declaration of SuSanA is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for everyone. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject” in the following referred to as “User”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. In the following the data subject is referred to as “User”.
Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third Party
Third party is a natural or legal person, public authority, agency or body other than the user, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent
Consent of the user is any freely given, specific, informed and unambiguous indication of the user's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the controller and data protection officer
The controller in terms of the GDPR and the new Federal Data Protection Act (BDSG) is the secretariat of the Sustainable Sanitation Alliance, located at:
c/o Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
Friedrich-Ebert-Allee 32 + 36
53113 Bonn
Germany
Internet: www.susana.org
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Please contact GIZ’s data protection officer if you have questions specifically about how your data are protected: This email address is being protected from spambots. You need JavaScript enabled to view it.
3. Collection of general data when visiting our website
The website of SuSanA collects a series of general data and information when a user or automated system calls up the website. This general data and information are stored in the server log files.
Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, SuSanA does not draw any conclusions about the user. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, SuSanA analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a user.
The data in the log file is deleted after 5 days.
SuSanA is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG).
In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.
Data that is logged when accessing the SuSanA website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at SuSanA.
4. Cookies
The Internet pages of SuSanA use cookies. Cookies are text files that are stored in a computer system via an Internet browser. By means of a cookie, the information and offers on our website can be optimized with the user in mind. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system.
Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the user from other Internet browsers that contain other cookies.
Session Cookies
This type of cookie makes it possible to assign various requests from a browser to a session and to recognise the browser when the website is visited again (session ID). Session Cookies will be automatically deleted as soon as the browser on which the page is displayed is closed. These cookies are primarily 1st party (controlled by SuSanA) cookies and are essential in order to enable you to move around our website(s) and use its features. Without these cookies, services like making a donation or signing up to an event, cannot be provided. We do not ask for your permission to set these cookies since these type of cookies are strictly necessary in a technical sense to operate our website; however, you can set your browser to block or alert you about these cookies; if you do, please remember that some parts of our site may not work.
Tracking Cookies (Matomo/etracker)
The website uses the web analysis service Matomo and etracker to track how the user interacts with the websites. The user can allow and change the setting of these cookies in the consent-banner or at any time in the privacy settings in the footer of this website. For more information on the application and use of etracker and Matomo, please go to chapter 13.
Disabling/ Changing privacy settings
The user may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.
The user can always change the privacy settings here:
- SuSanA Platform: https://www.susana.org/en/?consents=set
- SuSanA Discussion Forum: https://forum.susana.org/?consents=set
- SFD Platform: https://sfd.susana.org/?consents=set
- Sanitation Workers Knowledge and Learning Hub: https://sanitationworkers.susana.org/?cookiehint=set
Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the user deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
5. Processing of personal data when contacting us
When users contact us, the data provided is processed in order to be able to respond to the enquiry. You can contact us via Email or Contact form.
Contact form
A form is provided on the SuSanA website to enable users to contact us electronically. When the user uses the contact form, we process family and given names, email address and, where appropriate and on a voluntary basis, the organisation, country, phone number and additional personal data provided in the enquiry. Providing a phone number is optional and allows, if desired, a reply to the enquiry via phone. The processing is based on consent in accordance with Article 6 (1) a GDPR and for the purpose of processing your request. By activating the checkbox and submitting the contact form, the user agrees to the transmission and storage of his or her personal data. It is possible to cancel the process of filling out the contact form at any time. Data is only transmitted if the form is sent.
An SSL-encrypted connection is used to transmit the data to SuSanA.
Contact by email
Alternatively, it is possible to contact SuSanA via the email addresses provided. In this case, at least the email address but also any other personal user data transmitted with the email (e.g. family and given name, address) as well as the information contained in the email are stored solely for the purpose of contacting the user and processing the request.
The legal basis for the processing of data in connection with email communication is Article 6 (1) e GDPR.
6. Registration as a SuSanA member
The user has the possibility to register on the SuSanA.org as a SuSanA member with the indication of personal data. When registering as a SuSanA member with a username and password, the following personal data are always collected and stored (*mandatory information for registering as a member):
- Identity data: your first and last name*, country*, organisation*
- Communication data: your email address*
- Login data: username*, password*
You can also provide the following additional (voluntary) data:
- Identity data: your gender, alternative email address
The legal basis for processing your personal data to register your account is Article 6 (1) (e) of the GDPR.
By registering on the Susana.org website as a SuSanA member, the IP address—assigned by the Internet service provider (ISP) and used by the user—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.
The legal basis for the describes processing is Article 6 (1) (e) of the GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analyzed and used to initiate legal and criminal action.
The registration of the user, with the voluntary indication of personal data, is intended to enable the controller to offer the user contents or services that may only be offered to registered users - like the active use of the discussion forum (see chapter 7.).
Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.
7. SuSanA Discussion Forum
SuSanA offers registered SuSanA members the possibility to leave individual posts on the SuSanA Forum, which is part of the SuSanA Platform. The forum is a web-based, publicly accessible portal, through which registered members may post questions or announcements or answer to forum threads.
If a user leaves a comment on the forum, the posts made by the user are also stored and published, as well as information on the date of the commentary and on the user's (pseudonym) chosen by the user. In addition, the IP address assigned by the Internet Service Provider (ISP) to the user is also logged. This storage of the IP address takes place for security reasons, and in case the user violates the rights of third parties, or posts illegal content through a given comment.
The storage of these personal data is, therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defense of the data controller. Activities on the SuSanA Forum will be tracked completely anonymously in order to analyse forum page actions and visits, and to prepare reports on website activities.
8. Subscription to our newsletters
On the website of SuSanA, users are given the opportunity to subscribe to our newsletter. SuSanA offers a variety of newsletters for general news, updates on activities from the Working Groups, Discussion Forum digest, or the Regional Chapters.
The input mask used for this purpose determines what personal data are transmitted, as well as the frequency and type of the newsletters. When subscribing to our newsletters, the following personal data are always collected and stored:
- Identity data: your first and last name, country, organisation
- Communication data: your email address
These newsletters may only be received by the user if the user has a valid e-mail address and the user registers for the newsletter on the website. Therefore, after entering the email address, users receive an email containing a link for confirming the authenticity of the address and the subscription (‘double opt-in’). If users do not confirm the registration by clicking on the link contained in the email, the data is deleted immediately.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the user at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a user at a later date, and it therefore serves the aim of the legal protection of the controller (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG)).
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter, Working Group updates, Discussion Forum digest or the Regional Chapter updates. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The legal basis for the processing of data in connection with the dispatch of newsletters is the users consent in accordance with Article 6 (1) a GDPR.
The subscription to our newsletter may be terminated by the user at any time. The consent to the storage of personal data, which the user has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way (e.g via email).
9. Newsletter-Tracking
The newsletter of SuSanA contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows an anonymous statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, SuSanA may see which links in the e-mail were called up by users. The anonymous data of the newsletter tracking are stored separately from all personal data provided by a user.
Such anonymized and non-personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the user. These anonymized and non-personal data will not be passed on to third parties.
10. Registration to Online Seminars
SuSanA website offers registration to online seminars. If a user registers to an online seminar, the personal data transmitted by the user are automatically stored. When registering for an online seminar, the following personal data are collected and stored (*mandatory information):
- Identity data: your first and last name*
- Communication data: your email address*
You can also provide the following additional (voluntary) data:
- Identity data: organisation, position, country
Such personal data transmitted on a voluntary basis by a user to the data controller are stored for the purpose of processing or contacting the user, for example to send reminders before the online seminar or recordings of the online seminar to the participants. The legal basis for processing your personal data to register for online seminars is Article 6 (1) (e) of the GDPR.
There is no transfer of this personal data to third parties and no long-term subscription to any mailing list by registering for an online seminar.
11. Registration as a SuSanA Partner
If organisations are interested in engaging with SuSanA, they can apply to become partners.
Only registered SuSanA members with a username and password can apply to become a partner and if they fulfil certain eligibility criteria. When logged in as a SuSanA partner, the following personal data are always collected and stored (*mandatory information for applying as a partner):
Personal Data:
- Identity data: Name of the contact person*, position in the organisation*
- Communication data: phone number*, personal email address*
Organisation Data:
- Identity data: Name of the organisation*, abbreviation*, founding year*, number of employees*
- Communication data: website*, organisational email address*, street address*
You can also provide the following additional (voluntary) data for your organisation:
- Communication data: phone number, fax, social media sites
The legal basis for processing your personal data to register your account is Article 6 (1) (e) of the GDPR.
The partner pages of the SuSanA platform (http://www.susana.org/en/partner) are designed to document, disseminate and exchange information about sustainable sanitation activities of SuSanA partner organisations who work on sustainable sanitation. Registered SuSanA members which are the contact person of a SuSanA partner receive access to the SuSanA partner pages to edit its content and upload or otherwise make materials available. The user must be registered with SuSanA and assigned by a SuSanA partner organisation in order to use the SuSanA Partner Pages.
When the SuSanA partner page is accessed, certain information about users, such as internet protocol (IP) addresses, navigation through the site, software used and time spent, may be stored by the Operator or on its behalf. This information may be used for website traffic analysis only, and not to identify users. No attempt will be made to monitor systematically individual users of IP addresses, or the actions that they perform.
Personal data may not be recorded or saved without the user's express consent. By completing any data collection form on the SuSanA partner pages, the user expressly agrees to the storage and processing of the data entered. All data provided by the user (such as, names, addresses etc.) will be treated as confidential, stored and processed only for the purpose for which it was collected, and made available only to the unit responsible for dealing with it. In particular, personal data will not be passed on to third parties or published or made available for general access without the user's express agreement or unless necessary to comply with a request by or for the conclusion or fulfilment of a contract with that user, or unless the Operator is obliged to make such data available to public authorities.
12. Adding Events, Projects and Publications
Members of the SuSanA secretariat and SuSanA partners can share knowledge such as publications, research and projects and advertise news and events on the SuSanA website.
Events
Events from Partners or Members can be advertised on the SuSanA platform. It will be displayed in two different locations on the website: the SuSanA homepage (www.susana.org) which has a feed for upcoming events, and the respective partner profile in the hand right hand column (e.g.: www.susana.org/en/partner/details/178). To create an event, members have to be logged in and assigned to a partner profile. Otherwise, the proposed events have to be send to the secretariat, so they can review it and upload it.
The following personal data are always collected and stored for advertising an event (*mandatory):
Personal Data:
- Identity data: Name of the contact person*
- Communication data: phone number*, personal email address*
Organisation Data:
- Identity data: Name of the organisation*
- Communication data: website*, organisational email address*, street address*
Projects
Partners can also create a project overview and provide information about the scope of the activities, the approach, the results, and even share documents. New projects will be featured directly on www.susana.org and on the respective partner profiles (e.g. www.susana.org/en/partner/details/178)
The following personal data are always collected and stored for sharing a project (*mandatory):
Personal Data:
- Identity data: Name of the contact person*
- Communication data: phone number*, personal email address*
Organisation Data:
- Identity data: Name of the organisation*
- Communication data: website*, organisational email address*, street address*
Publications
Publications can also be uploaded to the SuSanA library. The user can do it by uploading publications directly in their partner profile, or by sending the publication to the Secretariat. All submitted resources to the SuSanA website will be reviewed before their final publication.
13. Data protection provisions about the application and use of etracker and Matomo
On this website, the controller uses the web analysis service Matomo and etracker.
Matomo
We use the open-source software tool Matomo (formerly PIWIK) on our website to collect information in order to analyse the surfing behaviour of our users. In doing so, no cookies are used for web analysis. Instead, the information transmitted by your browser (IP address, working system, display resolution, browser) which is constant within a visit to our website is used to assign interactions to a visit. In doing so, the various pieces of information are combined to form an identifier (by means of a hash procedure). If the measured interactions are associated with the same identifier, they are assigned to a visit, but not to a specific user.
When storing user data, in particular the IP addresses, device and domain data of the users are stored in abbreviated form, so that it is not possible to draw conclusions about the individual user. You will remain anonymous as a user.
By evaluating the data obtained, we are able to compile information on the use of the individual components of our website (e.g to count the number of visits on our website). This helps us to constantly improve our website and its user-friendliness.
The legal basis for the data processing is your previous given consent according to Art. 6 1) a GDPR in conjunction with § 25 1) TTDSG.
You can revoke your consent at any time by revisiting our cookie banner and changing your settings accordingly (see chapter 4.).
For more information about the privacy settings of the Matomo software, please visit: https://matomo.org/docs/privacy/
Etracker
To analyze usage data, we use services of etracker GmbH from Hamburg, Germany. In doing so, no cookies are used for web analysis by default. Instead, the information transmitted by your browser (IP address, registration or device IDs) which is constant within a visit to our website is used to assign interactions to a visit. In doing so, the various pieces of information are combined to form an identifier (by means of a hash procedure). If the measured interactions are associated with the same identifier, they are assigned to a visit, but not to a specific user. You will remain anonymous as a user.
When storing user data, in particular the IP addresses, device and domain data of the users are stored in abbreviated form, so that it is not possible to draw conclusions about the individual user.
The data generated with etracker is processed and stored by etracker on behalf of GIZ exclusively in Germany and is therefore subject to strict German and European data protection laws and standards.
Since the privacy of our users is important to us, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized as soon as possible. No other use, combination with other data or disclosure to third parties takes place.
The legal basis for the data processing is your previous given consent according to Art. 6 1) a GDPR in conjunction with § 25 1) TTDSG.
You can revoke your consent at any time by revisiting our cookie banner and changing your settings accordingly (see chapter 4.).
The applicable data protection provisions of Etracker may be accessed under https://www.etracker.com/de/datenschutz.html.
14. Processing of personal data in connection with social network use
On its website, SuSanA invites users to visit its presence on social networking sites and platforms including, but not limited to, Facebook, Twitter, LinkedIn and YouTube.
These online presences are operated in order to interact with the users that are active on these sites and platforms and to inform them about projects and services. By clicking on a social network’s logo, the user is redirected to the GIZ presence on the respective network.
When users visit the platforms, personal data is collected, used and stored by the operators of the respective social network, but not by GIZ. This is also the case even if the users themselves do not have an account with the respective social network.
The individual data processing operations and their scope differ depending on the operator of the respective social network. SuSanA has no influence on the collection of data or its further use by the social network operators. We are not fully aware of the extent to which, where and for how long the data is stored; to what extent the networks comply with existing obligations regarding erasure; what analyses are conducted, and links established with the data; and to whom the data is disclosed.
Access to SuSanA social media sites is subject to the terms of use and privacy policies of the respective operators. Click here for the contact details and links to the data privacy policies of the social media on which GIZ maintains a presence.
- The privacy policy for the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, can be found at https://www.linkedin.com/legal/privacy-poicy?trk=homepage-basic_footer-privacy-policy
- The privacy policy for the social network Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be found at https://twitter.com/en/privacy
- The privacy policy for the social network YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_en_eu.pdf
- The privacy policy for the social network Facebook, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be found at https://www.facebook.com/about/privacy/update?ref=old_policy
- The privacy policy for the social network Flickr, operated by Flickr, Inc., 67 E Evelyn Ave, Ste 200 Mountain View, CA 94041, USA, can be found at https://www.flickr.com/help/privacy/
Note on Facebook fan page
When you visit SuSanA’s Facebook pages, Facebook records your IP address and other information in the form of cookies. This information is used to provide SuSanA, as the operator of the Facebook page, with statistical information on how the Facebook page is used. SuSanA can access this statistical data via what are referred to as ‘Insights’ on the Facebook page.
These statistics are solely generated and provided by Facebook. As the site’s controller, SuSanA has no influence on the generation and presentation of this data. The data is provided automatically, and the service cannot be deactivated.
By operating the Facebook page, SuSanA offers a modern communication and information option. The processing of personal data in connection with the operation of the Facebook page is based on Article 6 (1) e GDPR.
As the operator of the fan page, SuSanA is jointly responsible with Facebook for the processing. However, primary responsibility for processing insights data lies with Facebook. Facebook therefore fulfils all obligations under the GDPR with regard to the processing of Insights data (including but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). The rights of the user can be asserted either with SuSanA or Facebook. Should you contact SuSanA, SuSanA is obliged to forward all relevant information to Facebook.
The complete Page Insights Addendum regarding responsibilities and the data processed can be found here https://www.facebook.com/legal/terms/page_controller_addendum
15. The use of social media share buttons with "Shariff"
On our website we promote a project by c't, called "Shariff". "Shariff" replaces the typical share-buttons of social networks and thereby protects surfing behavior. "Shariff" integrates the share buttons of social networks on our website as a graphic containing a link to the appropriate social network. By clicking on the appropriate icon, you will be redirected to the services of your network. The Shariff button provides direct contact between the social network and our users only when the visitor actively clicks the 'Share' button. Only then will your data be transferred to the respective social network. If, however, the Shariff button is not clicked, no exchange will be made between you and the social network. For more information about the c't project "Shariff" visit http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
We integrate the following social networks on our website with "Shariff":
16. Data protection provisions about the application and use of YouTube
On our website YouTube videos are embedded in "extended privacy mode”, which means that no data about you as a user will be transferred to YouTube if you did not give your prior consent and actually play the video.
By opening the video sequence, YouTube receives the information that you have accessed the corresponding subpage of our website as well as device-specific information including the IP address. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, the information will be directly associated with your account. If you do not wish the information to be associated with your profile on YouTube, you must log out before opening the video sequence.
When you start the video sequence, data is thus transmitted to YouTube. For more information about how YouTube processes your data, please see their privacy policy at: http://www.youtube.com/t/privacy_at_youtube
Embedded YouTube video are also by default deactivated and no connection to Google Servers will be made when you visit one of our sites where a video is embedded.
The transfer of data is only carried out, after you have given us your consent to the transfer in accordance with Art. 6 (1) a GDPR. By clicking on the video and therefore activating the video, you give your consent to the data transfer. Before that no data is being transferred to YouTube.
You can revoke your consent at any time by revisiting our cookie banner and changing your settings accordingly (see chapter 4.).
17. Use of maps from open street map
We have integrated maps from the service "OpenStreetMap" on the SuSanA and SFD platform. The OpenStreetMap Foundation is based in the United Kingdom of Great Britain and Northern Ireland.
When you visit our website, no personal data will be transferred to OpenStreetMap by default. For data protection reasons, OpenStreetMap is deactivated by default. If you click on the map and agree to the transfer, as part of the use of the interactive map, your IP address will be transferred to the OpenStreetMap.
Processing of the IP address transmitted by you is necessary for the purpose of using the interactive map. The transfer of the IP address is based on your consent according to Art. 6 1) a GDPR.
When using OpenStreetMap, a transfer of personal data to the United Kingdom of Great Britain and Northern Ireland takes place. This transfer takes place on the basis of Art. 45 1) 1 GDPR.
You can revoke your consent at any time by revisiting our cookie banner and changing your settings accordingly (see chapter 4.).
All information on how OpenStreetMap is handling your data can be found here: https://wiki.osmfoundation.org/wiki/Privacy_Policy
18. Use of Google Translate and Site Search
Google Translate
We would like to offer visitors to our website the opportunity to use our website(s) in another language. For this we integrated Google Translate (operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) on our website. The service provides automated computer translations that are only an approximation of the websites’ original content. The tool from Google Translate is only for your convenience. The generated translations should not be considered exact and may sometimes include incorrect or even offensive language. We do not warrant the accuracy, reliability or timeliness of any information translated by this system and will not accept liability for loss incurred as a result. In addition, it might not be possible to translate some applications, files or items including graphs, photos or PDFs.
Google Translate is displayed in the header of our websites. For data protection reasons, Google Translate is deactivated by default, recognizable by the translate icon in the top menu bar of the websites.
Only when you click on the icon, Google Translate will be activated and data will be transmitted to Google. Before that, no personal data will be transferred to Google.
We have no influence on the data collected and data processing procedures by Google, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods.
More information on how Google processes your data can be found in the following data protection notice: http://www.google.com/intl/de_de/policies/privacy/
By using the services of Google Translate you express your explicit consent that your data will be transmitted, stored, processed etc. according to Art. 6 (1) (a) GDPR. You can revoke your consent at any time by revisiting our cookie banner and changing your settings accordingly (see chapter 4.).
Google Site Search
The google site search function in the sidebar on this website is deactivated by default. When the user uses the search function, he/she will be asked to activate. You can revoke your consent at any time by revisiting our cookie banner and changing your settings accordingly (see chapter 4.).
19. Use of Donation Button
Data will not be processed by GIZ but stored by the third-party SKAT Foundation, located at Vadianstr. 42, 9043 St. Gallen, Switzerland. The SKAT Foundation does not perform any service on our behalf, which is why we are not responsible for the process of donations or the donation button. As soon as a user makes a donation, SKAT Foundation is responsible for the data processing.
The transmission of data is securely encrypted. SKAT Foundation itself does not store any card data, the payment data is processed directly on PCI DSS certified infrastructure by RaiseNow. The information is used exclusively for the processing of donations and in compliance with data protection regulations. Non-profit donations are tax-deductible according to the applicable guidelines of the relevant tax authorities. SKAT Foundation issues a confirmation to the tax authorities (after the end of the calendar year/following the successful donation process).
Further information on how SKAT Foundation is handling your data can be found here: https://skat-foundation.ch/privacy-statement-of-skat/
20. Disclosure to third parties
SuSanA does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law.
21. Transfer of data to countries outside Germany
SuSanA does not transfer personal data to third countries. When using social media, the privacy policies of the respective providers apply.
22. Period for which the personal data will be stored
User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law. SuSanA will, of course, honor any request to permanently delete and stop public display of such data by means of an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.. Such request may take up to 4 weeks to process.
23. Existence of automated decision-making
We do not use automatic decision-making or profiling.
24. IT security of user data
SuSanA accords great importance to protecting personal data. For this reason, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. These measures are updated accordingly based on technical developments and adapted continuously in line with the risks.
25. Rights of the data subject (“user”)
Visitors to the SuSanA website have the right
- To obtain information about their data stored by us (Article15 GDPR)
- To have their data stored by us rectified (Article16 GDPR)
- To have their data stored by us erased (Article17 GDPR)
- To obtain restriction of processing of their data stored by us (Article18 GDPR)
- To object to the storage of their data if personal data are processed on the basis of the first sentence of Article6 (1) 1 f and e GDPR (Article 21 GDPR)
- To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article20 GDPR)
- To withdraw their consent to the extent that the data has been processed on the basis of consent (Article6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.
Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
Date of last revision is June 2022.