Privacy Policy

We take the protection of your personal data very seriously during the collection, processing and usage while you are visiting our website and would like you to know when we collect what data and how we use it. We have taken the technical and organisational measures to ensure that the data protection regulations are ob-served by us as well as by any service providers.

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter re-ferred to as “Data”) within our website and the web pages, functions and contents associated with it, as well as our external online presences, such as our social media profiles (hereinafter: “Online Offer”).

Responsible

Responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

BRIDGE-BUILDER FOR CHANGE GmbH
Karlstrasse 53
80333 Munich
Email: info@bridgebuilderforchange.com
Tel: +49 160 5892 737 (Katja Pischel)
Commercial Registration: HRB 257607 München
Managing Director: Katja Pischel

Types of data processed

  • Inventory data (e.g. Your name, address)
  • Contact details (e.g. your e-mail address, phone number)
  • Content data (e.g. Your text entries on our site)
  • Usage data (e.g. the subpages you visited, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Categories of affected persons

Visitors and users of the online offer (hereinafter: “Users”).

Purpose of processing

  • Provision of the online offer, its functions and content
  • Respond to contact requests and communicate with users
  • Security measures
  • Measuring reach/marketing

Terminology used

  • “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); identifiable is a natural person who is directly or indirectly, in particular by means of an identi-fier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person (Art. 4 paragraph 1 GDPR)
  • “Processing” means any operation carried out with or without the aid of automated procedures or any se-ries of such operations relating to personal data, such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, questioning, use, disclosure by transmission, distribution or any other form of deployment, reconciliation or linking, restriction, erasure or destruction (Art. 4 paragraph 2 GDPR).
  • “Profiling” means any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular in order to analyse or predict
    the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of this natural person (Art. 4 paragraph 4 GDPR).
  • “Pseudonymisation” means the processing of personal data in such a way that the personal data may no longer be assigned to a specific data subject without the use of additional information, provided that such additional data is information that is kept separately and subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable natural person (Art. 4 paragraph 5 GDPR) .
  • “Responsible” means the natural or legal person, authority, body or other body that decides alone or jointly with others on the purposes and means of processing personal data (Art. 4 paragraph 7 GDPR).
  • “Controller” means a natural or legal person, authority, body or other body that processes personal data on behalf of the responsible (Art. 4 paragraph 8 GDPR).

Relevant statutory sources

Art. 13 GDPR stipulates that we inform you of the legal bases of our data processing. Unless the legal basis is explicitly stated in the following privacy policy, the following applies:

  • The legal basis for obtaining consents is Art. 6 Abs. 1 lit. a and Article 7 GDPR.
  • The legal basis for the processing for the performance of our services and the implementation of contractual measures as well as answering requests is Art. 6 Abs. 1 lit. b GDPR.
  • The legal basis for processing to fulfil our legal obligations is Art. 6 Abs. 1 lit. c GDPR.
  • The legal basis for the processing in order to safeguard our legitimate interests is Art. 6 Abs. 1 lit. f GDPR.
  • The legal basis in the event that vital interests of the data subject or another natural person require the processing of personal data is Art. 6 Abs. 1 lit. d GDPR.

Security

In order to secure your data, we maintain technical and organisational security measures in compliance with Art. 32 GDPR, which we constantly adapt to the state of the art.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data.

We have established procedures that ensure the exercise of data subjects’ rights, deletion of data and the response to data threats.

We also take into account the protection of personal data through technology design (privacy by design) and by data protection-friendly presets (privacy by default), Art. 25 GDPR.

Your personal data will be transmitted encrypted with us. This applies to all communication via our internet site. We use the SSL (Secure Socket Layer) encoding system. However, we would like to point out that data transmission on the Internet can have security problems, e.g. when communicating via e-mail.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to processors or third parties, transmit them to them or otherwise grant them access to the data, this is done exclusively on the basis of a legal permit, e.g. if you agreed to, Article 6(1) lit. a GDPR, the transmission to third parties in accordance with Article 6 (1) lit. b GDPR is required for the performance of the contract, a legal obligation provides for this, Article 6(1) lit. c GDPR, or on the basis of our legitimate interests, Art. 6 Abs. 1 lit. f GDPR.

In the case of processors, the transfer is based on an order processing contract in accordance with Article 28 GDPR

Transfers to third countries

A transfer of data to a third country, e.g. when using third-party services, is only carried out if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests in accordance with the aforementioned legal bases. Subject to other legal or contractual permits, we process or leave the data in a third country only if the special conditions of Art. 44 et seq. are met. GDPR (e.g. on the basis of special guarantees, such as the officially recognised determination of an EU-related level of data protection or observance of officially known special contractual obligations (e.g. “standard contractual clauses”).

Übermittlungen in Drittländer

Rights of data subjects

  • Right to confirmation and information: You have the right to obtain confirmation from us as to whether personal data concerning you are processed by type, 15 GDPR. If this is the case, you have the right to request free information from us about the personal data stored about you, together with a copy of this data.
  • Right to rectification: Under Article 16 GDPR, you have the right to require us to rectify your incorrect personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
  • Right to erasure: Under Article 17 GDPR, you have the right to request that personal data concerning you will be deleted without delay.
  • Right to restrict processing: Under the conditions of Article 18 GDPR, you have the right to request a restriction of the processing of personal data.
  • Right to data portability: Under Article 20 GDPR, you have the right to request that the personal data you provide to us are received in a structured, common and machine-readable format and that the data relating to you be transmitted to other responsible people, insofar as this is technically feasible.
  • Right of withdrawal: In accordance with Art. 7 sec. 3 GDPR, you have the right to revoke consent to the processing of personal data at any time with effect for the future.
  • Right of objection: in accordance with Article 21 GDPR, you have the right, for reasons arising from their particular situation, to object at any time to the processing of personal data concerning you, which are based on Article 6(1) lit. e or f GDPR to appeal; this shall also apply to profiling based on these provisions. If personal data is processed by us for direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to complain to a supervisory authority: under Article 77 GDPR, you have the right to file a complaint with the competent supervisory authority.

Deletion of data

Unless otherwise expressly stated, the data stored by us will be deleted in accordance with Art. 17 GDPR as soon as they are no longer necessary for their purpose and no legal retention obligations preclude deletion.

Unless the data is deleted because they are necessary for other and legally permissible purposes, their processing is restricted in accordance with Article 18 GDPR, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. In accordance with legal requirements in Germany, the storage takes place in particular for 10 years in accordance with Sections 147 (1) No. 1, 4 and 4a, paragraph 3 AO, 257 (1) No. 1 and 4, paragraph 4 Of the German Commercial Code (books, records, management reports, accounting documents, trading books, relevant for taxation of relevant documents, etc.) and 6 years in accordance with Section 147 (1) Nos. 2, 3 and 5, paragraph 3 AO, 257 (1) No. 2 and 3, paragraph 4 of the German Commercial Code (Trade Letters).

Operation of the website and access to the website

The hosting services we use with our hosting provider are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services that we use for the purpose of operating the website.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contractual data, usage data, meta- and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests. on an efficient and secure provision of this online offer in accordance with Art. 6 sec. 1 p. 1 f) GDPR in accordance with Art. 28 GDPR.

We, or our hosting provider, also process access data. These include:

  • Name and URL of the retrieved file
  • Date and time of retrieval
  • Amount of data transferred
  • Message about successful retrieval (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referer URL (i.e. the previously visited page)
  • Websites accessed by the user’s system via our website
  • User’s Internet service provider
  • IP address and the requesting provider

We use this log data without assignment to your person or other profiling for statistical evaluations for the pur-pose of operation, security and optimization of our online offer, but also for anonymous recording of the num-ber of visitors to our website, as well as the scope and method of use of our website and services, as well as for billing purposes, to measure the number of “clicks” received from cooperation partners. Based on this infor-mation, we can provide personalized and location-based content and analyze traffic, locate and correct errors, and improve our services.

This is also our legitimate interest in accordance with Art. 6 sec. 1 lit. f GDPR.

We reserve the right to check the log data retrospectively if there is a legitimate suspicion of illegal use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is neces-sary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. After cancelling the order process or after receipt of payment, we will delete the IP address if it is no longer required for security measures. We store IP addresses even if we have a specific suspicion of a criminal offence in connection with the use of our website. In addition, if you have opened an account with us, we save the date of your last visit (e.g. registration, login, clicking on links, etc.).

Contact

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s details for processing the contact request and processing it in accordance with Art. 6 sec. 1 lit. b) GDPR for the fulfilment of our contractual obligations or for answering (pre-)contractual agreements and otherwise in accordance with Art. 6 sec. 1 lit. f) GDPR processed on the basis of legitimate interests in the requesting.

We will delete the requests if they are no longer required. We check the necessity every two years; In addition, the statutory archiving obligations apply.

To process and manage your contact data and for communication purposes we use the service “OnePageCRM”. Service provider is Novus Via Limited t/a OnePageCRM, Unit 109 Business Innovation Centre Upper Newcastle Galway H91 Y0T0, Ireland. You can find their privacy policy here https://www.onepagecrm.com/privacy/. The data will be saved on AWS-servers by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA gespeichert. You can find amazon’s privacy policy here : https://aws.amazon.com/de/privacy/?nc1=f_pr.Amazon web services guarantee that they comply with the European data protection level by concluding so-called standard contract clauses for the transfer of data to countries outside the European Union. You can learn more about the security concept of Amazon Web Services here: https://aws.amazon.com/de/security/.  

We delete requests, when they are not required anymore. We review these requirements every two years. Furthermore, compulsory archiving applies.

Cookies and right of objection in direct marketing

“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart can be stored in an online shop or a login traffic jams. “permanent” or “persistent” are cookies that remain stored even after the browser is closed. For example, the login status can be saved when users visit it after several days. Likewise, such a cookie may store the user’s information, which is used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than those responsible for the online offer (otherwise, if they are only their cookies, they are called “first-party cookies”)

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offer.

A general objection to the use of cookies used for the purposes of online marketing can be explained in a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be sufficient by means of their shutdown in the settings of the browser. Please note that not all functions of this online offer can be used.

Newsletter and other communication for sending information material

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.


Mailchimp

This website uses the services of MailChimp to send out its newsletters. The provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Among other things, MailChimp is a service that can be deployed to organize and analyze the sending of newsletters. Whenever you enter data for the purpose of subscribing to a newsletter (e.g. your e-mail address), the information is stored on MailChimp servers in the United States.

With the assistance of the MailChimp tool, we can analyze the performance of our newsletter campaigns. If you open an e-mail that has been sent through the MailChimp tool, a file that has been integrated into the e-mail (a so-called web-beacon) connects to MailChimp’s servers in the United States. As a result, it can be determined whether a newsletter message has been opened and which links the recipient possibly clicked on. Technical information is also recorded at that time (e.g. the time of access, the IP address, type of browser and operating system). This information cannot be allocated to the respective newsletter recipient. Their sole purpose is the performance of statistical analyses of newsletter campaigns. The results of such analyses can be used to tailor future newsletters to the interests of their recipients more effectively.

If you do not want to permit an analysis by MailChimp, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR).  You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Privacy Policies of MailChimp at: https://mailchimp.com/legal/terms/.

Data Processing Agreement
We have executed a so-called “Data Processing Agreement” with MailChimp, in which we mandate that MailChimp undertakes to protect the data of our customers and to refrain from sharing it with third parties.

 

Integration of third-party services and content

Within our online offer, we place content or service offers based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR). third parties to include their content and services, such as videos or fonts (hereinafter referred to as “Content”).

This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective owners use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information on how to evaluate visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, technical information about the browser and operating system, referring websites, visit time as well as further information on the use of our online offer as well as such information from other sources.

Google Web Fonts

We include the fonts (“Google Fonts”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ire-land, subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a le-gitimate interest within the meaning of Article 6(1) of the Lit. f GDPR. Privacy Policy: https://poli-cies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated. Google guarantees compliance with European data protection law through so-called standard contract clauses. For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Youtube

We include the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Bar-row Street, Dublin 4, Ireland, subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of Youtube videos takes place in the interest of an appealing presentation of our online offers and serves the possibility of illustrating, presenting and explaining our offers. This constitutes a legitimate interest within the meaning of Article 6(1) of the Lit. f GDPR. Privacy Policy:https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated. Google guarantees compliance with European data protection law through so-called standard contract clauses.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Recaptcha

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g. information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g. IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data are stored and analyzed on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6 Sect. 1 lit. a DGDPR. Any such consent may be revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

Online-based Audio and Video Conferences (Conference tools)

Data Processing

We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

Should content be exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

Duration of storage

Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact directly the operators of the conference tools.

Conference tools used

We employ the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: https://zoom.us/en-us/privacy.html.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://zoom.us/de-de/privacy.html.

Execution of a contract data processing agreement
We have entered into a contract data processing agreement with the provider of Zoom and implement the strict provisions of the German data protection agencies to the fullest when using Zoom.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.

Execution of a contract data processing agreement
We have entered into a contract data processing agreement with the provider of Microsoft Teams and implement the strict provisions of the German data protection agencies to the fullest when using Microsoft Teams.

Status of this Privacy Policy: 10/28/2020