Data Protection Policy
We, Immanuel Baptist Church, Wiesbaden, thank you for visiting our website. It is very important to us as a church that we handle your data securely. Immanuel Baptist Church, Wiesbaden is a member of the Bund Evangelisch-Freikirchlicher Gemeinden (hereafter BEFG or Bund) in Deutschland K.d.ö.R. (http://www.baptisten.de) and therefore is not subject to the EU’s GDPR but instead falls under the Bund Evangelisch-Freikirchlicher Gemeinden in Deutschland K.d.ö.R’s Data Protection Regulation (DSO-BUND: http://www.baptisten.de/dso).
Therefore we wish to provide you with detailed information about the data controller and how your data is used during a visit to our website.
- Terms used in this document
- Personal data: all information pertaining to an identified or identifiable natural person (hereafter referred to as “data subject”); this means someone who can be identified directly or indirectly, especially by means of an allocated identifier such as a name, code, location data, online code or one or more specific attributes which define the physical, physiological, genetic, psychological, economic, cultural or social identity of this person.
- Sensitive data: personal data relating to a natural person’s racial or ethnic origin, political opinions, religious or ideological beliefs, trade union membership, health, sexual life or orientation, or genetic or biometric data for clear identification of a natural person.
- Processing: all processes, manual or automated, or set of processes which are performed upon personal data such as obtaining, recording, organising, storing, adapting or changing, selecting, retrieving, using, disclosing, transferring, distributing, checking, combining, restricting, deleting or destroying.
- Recipient: a natural or legal person, authority, body or any other entity to whom data is disclosed, whether a third party or not.
- Third country: a country which is not a member of the European Union.
- Bund entity: a church which is a member of the Bund Evangelisch-Freikirchlicher Gemeinden, K. d. ö. R., a regional association, the Arbeitsgemeinschaft der Brüdergemeinden, a branch, an organisation or body of the Bund.
- Data controller: a Bund entity which determines either solely or together with others the purposes and means of the processing of personal data.
- Outsourced processor: a natural or legal person, or a Bund entity if the data controller belongs to another legal person, which processes personal data on behalf of the data controller.
- Third party: a natural or legal person, authority, independent church or body other than the data subject, the data controller, the data processor or anyone else directly authorised by the data controller or the data processor to process data.
- Anonymisation: is the processing of personal data in such a way that the personal data may no longer be attributed to a specific data subject or may only be attributed with a considerable amount of time, cost and effort.
- Pseudonymisation: the processing of personal data in a such a way that the personal data may no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is stored separately and subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
- File System: any structured collection of personal data accessible by specific criteria, irrespective of whether that data collection is centralised, decentralised or organised on a functional or geographical basis.
- Supervisory Board or Data Protection Council: an independent body of the Bund which monitors compliance with data protection regulations.
- Bund’s Data Protection Officer: the Data Protection Officer appointed by the Bund’s Executive Board.
- Restriction of Processing: the identification of stored personal data in order to restrict its processing in the future.
- Consent: the informed, unambiguous and freely given permission from the data subject for a specific circumstance as an expression of intent in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that they are in agreement with the processing of their personal data.
- Data controller
The data controller for the Data Protection Regulation (DSO-BUND) is:
Immanuel Baptist Church
Immanuel Baptist Church is represented by Pastor Dr. Nick Howard.
If you have any general questions or suggestions for us on the subject of data protection, you may contact us any time by phone at 06122 / 12730 or by e-mail at email@example.com.
- Data Collection:
Immanuel Baptist Church, Wiesbaden’s website collects a series of general data and information with each visit to the website by a data subject or an automated system. This general data and information is stored in the server’s log files. The types of data which may be collected include: a) browser types and versions used,b) the operating system used by the accessing system,c) the website from which an accessing system reaches our website (so-called referrer),d) the sub-webpages which can be navigated to on our website via an accessing system,e) the date and time of access to the website,f) an internet protocol address (IP address),g) the accessing system’s internet service provider, and h) other similar data and information which are used for protection in the event of cyberattacks on our information technology systems.
In using this general data and information, Immanuel Baptist Church, Wiesbaden does not have any information about the data subject. Rather, this information is needed:
- a) to deliver the contents of our website correctly,
- b) to optimise the content of our website as well as the advertising for it,
- c) to ensure the ongoing functioning of our information technology systems and
the technology used for our website, as well as
- d) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack.
This anonymously collected data and information is statistically evaluated by Immanuel Baptist Church, Wiesbaden and is also used with the aim of increasing the privacy and data security in our church and ultimately to ensure an optimal level of protection for the personal data which we process. The anonymous data from the server log files is stored separately from all personal data provided by the data subject.
- Legal or contractual requirements for providing personal data; requirements for entering into a contract; data subject’s obligation to provide personal data; possible consequences of non-provision
In some cases, the provision of personal data is required by law (such as tax requirements) or may be needed for contractual arrangements (such as details of the contractor). Sometimes the conclusion of a contract may require that a data subject provides personal data which then has to be processed by us. For example, the data subject is required to provide us with personal data when our church enters into a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact our data protection officer / the person responsible in our church congregation. He/she will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or is a contractual requirement or is necessary for the conclusion of a contract. He/she will also inform the data subject if there is an obligation to provide the personal data and what the consequence(s) of failure to do so would be.
- Which data is collected and stored?
When visiting our website, it is not necessary to provide personal data. Personal data is specific information about the personal and factual circumstances of an identified or identifiable person (see Section 3 Paragraph 1 DSO-BUND), that is, data that allows conclusions to be drawn about a person. This data is only collected or stored by us if you voluntarily provide us with the data, for example when contacting us via the contact form.
By using the contact form we can collect the following data:
- E-mail address
- Your request
- Documents submitted by you containing personal information
Voluntarily provided personal data is collected, stored and processed solely for the purpose of establishing contact. Your data is not transferred to third parties. When using your data, close attention is paid to compliance with the data protection regulations of the DSO-BUND.
You do still have the option to prevent the storage of cookies on your own computer by changing the appropriate settings in your browser programme. However, this may lead to limited functionality of our website.
- Use of Google Analytics for website analysis
We use Google Analytics, a web analysis service of Google Inc. (“Google”), on our website. Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website.
The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on a server in the USA. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services related to website activity and internet usage.
Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will never connect your IP address with other Google data. You can prevent the installation of cookies by adjusting your browser software settings accordingly; however, please be aware that by doing this, you may not have full use of all functions of this website. By using this website, you are giving your consent to Google processing your data in the manner and for the purposes set out above.
You may object to the future collection and storage of your data at any time. We would like to point out that in view of the discussion about the use of analysis tools with complete IP addresses, we only process shortened IP addresses on this website because we use Google Analytics with the extension “_anonymizeIp ()” in order to exclude direct personal referencing.
You may prevent the collection of the data (including your IP address) generated by the cookie and related to your use of the website from Google as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: https://www.radtke-partner.de/gaoptout
You may prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available in the following link: https://www.radtke-partner.de/gaoptout (select English in top right hand corner where it says ‘Deutsch’).
- Social Media
In addition to this website, we also maintain social media presence on various platforms. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that in addition to the storage of the data you have actually entered in social media, other information may also be collected, processed or used by the provider of the social network.
Furthermore, the social network provider may collect, process and use the most important data from the computer system you are using to access the network – for example, your IP address, the processor type, the browser version and plug-ins used.
If you are logged in to your personal account on a social media network while you are visiting our presence, that network may assign the visit to your account. If you prefer that this does not happen, then you have to log out of your account before visiting our presence.
For the purpose and extent of data collection by the respective social network, the further processing and use of your data as well as your relevant rights, please refer to the respective terms and conditions of the respective network:
YouTube/Google+ (https://www.radtke-partner.de/gdatenschutz and scroll to the bottom of page and click on Deutsch on right hand side to change to English)
Twitter terms and conditions (https://www.radtke-partner.de/tdatenschutz and scroll to the bottom of page and click on Deutsch on right hand side to change to English)
- Social Media Plugins:
Our website contains applications (“Social Plug-ins”) from the social network Facebook. These are operated exclusively by Facebook Inc., based in Europe: Facebook Ireland Ltd, Hanover Reach, 5-7 Hanover Quay 2 Dublin IRELAND, and are marked on our site by the Facebook logo and / or the “Like” icon. Your browser does not create a direct connection to the Facebook server when you visit our website nor does it provide Facebook with any information. Information is only transmitted directly to Facebook and stored there when the Facebook button is clicked. If you are logged into Facebook via your personal user account during your visit to our website, Facebook may assign the website visit to your account. If you want to prevent such data transmission, please log out of your Facebook account before visiting our website. The provider currently has no influence on the type and extent of data collected by Facebook, the information provided here is based on the current information available. Even if the visitor does not use Facebook, it may be that Facebook gets and stores their IP address. According to Facebook, it only stores anonymised IP addresses in Germany.
If you have any questions about the collection, processing or other use of your personal data by Facebook, please contact the Data Protection Officer Facebook Ireland https://www.radtke-partner.de/fbdatenschutzbeauftragter.
- Use of Social Plugins from Facebook using the “Double Click Solution”
Our website uses Facebook’s so-called social plugins. This service is offered by the company Facebook Inc. (“Provider”).
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of Facebook’s plug-ins and what they look like can be found here: https://www.radtke-partner.de/fbplugins
Our website may contain links to the websites of other providers. Since we have no influence on these websites, the user is advised to inquire about privacy information that may be provided there. We assume no responsibility for the contents of the linked pages.
- Embedded videos from external websites
Some of our pages have embedded content from YouTube or Instagram. Viewing any of these pages does not result in personal data being transmitted to the service provider, with the exception of the IP address. In the case of YouTube, the IP address will be transferred to Google Inc., 600 Amphitheater Parkway, Mountain View, CA 94043, USA and, in the case of Instagram, to Instagram Inc., 181 South Park Street Suite 2 San Francisco, California 94107, USA.
- Updating/Deletion of your personal data
You may at any time ask to review, change or delete any of the personal data provided to us by sending an e-mail to: firstname.lastname@example.org. If you are one of our members, you may also request not to receive further information in the future.
Likewise, you have the right to withdraw your consent at any time effective going forward.
The deletion of stored personal data occurs when you revoke your consent to storage.
The data processor processes and stores the data subject’s personal data only for the length of time deemed necessary to fulfill its purpose or as determined by any European directives or regulations or by any other legislative laws or regulations which the data processor is subject to.
If the purpose of storage is no longer valid or the storage time period required by European directives and regulations or any other legislative laws expires, the personal data will be routinely blocked or deleted according to statutory regulations.
- Rights of the data subject
Each data subject has the right to ask the data processor for confirmation of the processing of their personal data. If a data subject wishes to make use of this confirmation right, they may contact our data protection officer or another employee of the data controller at any time.
Any data subject whose personal data is being processed has the right at any time to obtain any information about their personal data from the data processor free of charge as well as a copy of that information. Furthermore, there is a right to information about the following data (Section 11 DSO-BUND):
- the processing purposes;
- the categories of personal data;
- the recipients to whom the personal data has been disclosed;
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
- the right of rectification or erasure of their personal data, or the limits of processing by the data controller or the right to object to such processing;
- the existence of a right of appeal to the Data Protection Council;
- Information about the origin of the data.
If the data subject wishes to exercise this right to information, they may contact our data protection officer or another employee of the data controller at any time.
Every data subject affected by the processing of personal data has the right to demand the immediate rectification of incorrect personal data concerning them (Section 12 DSO-BUND). Furthermore, the data subject has the right, depending on the purposes of the processing, to request the completion of incomplete personal data – also by means of a complementary declaration (Section 12 Paragraph DSO-BUND).
If the data subject wishes to exercise this right of rectification, they may contact our data protection officer or another of the data controller’s employees involved in processing the data at any time.
Any data subject affected by the processing of personal data also has the right to request that the controller deletes the personal data concerning them immediately, as long as the following reasons are applicable and that the processing is not necessary:
- The personal data has been collected or processed for such purposes that are no longer necessary.
- The data subject revokes their consent (Section 6 Paragraph 3 DSO-BUND) which the processing according to Section 6 Paragraph 1 DSO Bund or Section 8 Paragraph 2 a) DSO-BUND is based on, and there is no other legal basis for the processing.
- The data subject objects to the processing according to Section 16 Paragraph 1 DSO-Bund and there are no prior justifiable grounds for processing.
- The personal data was unlawfully processed.
- The erasure of personal data is required to fulfill a legal obligation under church law, EU law or the law of the EU member state to which the data controller is subject.
Insofar as one of the above-mentioned points applies and a data subject wishes to request the erasure of personal data held by Immanuel Baptist Church, Wiesbaden, the data subject may contact our data protection officer or another employee at any time. The request for data erasure will be fulfilled immediately.
If Immanuel Baptist Church, Wiesbaden made the personal data public and if they are responsible in accordance with Section 13 Paragraph 1 DSO-BUND for erasing personal data, Immanuel Baptist Church, Wiesbaden will take appropriate measures, including those of a technical nature, depending on the technology available and the implementation costs, to inform other data processors who processed the published personal data about the request for erasure of all links to this personal data or copies or replications, insofar as the processing is not necessary. The data protection officer of Immanuel Baptist Church, Wiesbaden or another employee will arrange for what is necessary to be done in each case.
Each data subject has the right according Section 14 DSO-BUND to request the data processor to restrict processing if any of the following conditions apply:
- The accuracy of the personal data is contested by the data subject; restricted processing is necessary for a period of time that allows the data processor to verify the accuracy of the personal data.
- The data has been unlawfully processed; the data subject refuses the erasure of personal data and instead requests the restriction of the use of personal data.
- The data processor no longer needs the personal data for processing purposes, but the data subject requires them in order to establish, exercise or defend their legal rights.
- The data subject has objected to the processing according Section 16 Paragraph 1 DSO-BUND; it is not yet clear whether the data processor’s legitimate grounds for processing override those of the data subject.
If one of the above conditions is met and the data subject wishes to request the restriction of personal data stored by mmanuel Baptist Church, Wiesbaden, they may at any time contact our Data Protection Officer or another employee responsible for processing data. The necessary steps will then be taken to restrict the processing.
Any data subject has the right to receive in a structured, conventional and machine-readable format personal data relating to them which they have provided to a data processor. They also have the right to have this data transferred to another data processor without hindrance by the data processor to whom it was initially given. The following conditions apply to this right:
– that the processing is carried out on the basis of consent pursuant to Section 5 Paragraph 1 a) DSO-BUND or Section 8 Paragraph 2 DSO-BUND or in a contract according to Section 5 Paragraph 1 b) DSO-BUND;
– that the processing is by an automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority which has been delegated to the data controller.
Any data subject has the right, at any time and for reasons arising out of their particular circumstances, to object to the processing of their personal data, pursuant to Section 5 Paragraph 2 e), f) or g) DSO-BUND. This also applies to profiling based on these conditions.
In the case of an objection, Immanuel Baptist Church, Wiesbaden will stop processing personal data unless we may demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or which serve to process, assert, exercise or defend legal claims.
If Immanuel Baptist Church, Wiesbaden processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, if it is associated with this direct advertising. If the data subject objects to Immanuel Baptist Church, Wiesbaden processing for direct marketing purposes, Immanuel Baptist Church, Wiesbaden will no longer process the personal data for these purposes.
Furthermore, the data subject has the right, for reasons that arise from their particular circumstances, to object to the processing of their personal data used by Immanuel Baptist Church, Wiesbaden for scientific or historical research purposes or for statistical purposes, according to Section 13 Paragraph 3 No. 4 DSO-BUND, unless such processing is necessary to fulfill a public interest task.
In order to exercise the right to object, the data subject may contact the Data Protection Officer or another employee of Immanuel Baptist Church, Wiesbaden directly.
Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or in a similar manner significantly affects them, as long as the decision:
- is not required for the signing or fulfillment of a contract between the data subject and the data controller, or
- is permitted by the legislation of the Bund Evangelisch-Freikirchlicher Gemeinden in Deutschland K.d.ö.R., the European Union or the EU member states to which the data controller is subject, and that this legislation takes appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or
- with the express consent of the data subject.
If the decision
- a) is necessary for the signing or fulfillment of a contract between the data subject and the data controller, or
- b) is with the explicit consent of the data subject,
Immanuel Baptist Church, Wiesbaden will take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data controller, to present their own position and to contest the decision.
If the data subject wishes to enforce their rights relating to automated decision-making, they may contact our Data Protection Officer or another employee at any time.
Any data subject has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they may contact our Data Protection Officer or another employee at any time.
- Legal basis for processing
Section 5 Paragraph 2 DSO-BUND serves as a legal basis for processing operations where we obtain consent for a particular processing purpose. Processing will be based on Section 5 Paragraph 2 d) DSO-Bund if the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or service in return. The same applies to processing operations that are necessary to carry out pre-contractual measures. If we are subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Section 5 Paragraph 2 d) DSO-BUND. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be according to Section 5 Paragraph 2 e) DSO-BUND. Ultimately, processing operations could be based on Section 5 Paragraph 2 f) to h) DSO-BUND. On this legal basis, processing operations that are not covered by any of the above legal bases are required if the processing is necessary to safeguard the legitimate interest of our church or a third party, unless the interests, fundamental rights and freedoms of the data subject prevail. The same applies to processing which is necessary for the performance of a task which is in the interest of the Bund or which serves journalistic editorial purposes of the Bund.
- Notice of changes
Changes to the law or changes to our internal processes may necessitate a revision of this data protection policy. Should this be the case, we will notify you of this no later than six weeks prior to it coming into effect. You are generally entitled (No. 20) to revoke your consent. Please note that (unless you make use of your right of withdrawal) the current version of the data protection policy is the valid one.
- Your Data Protection Officer / Contact Person
If you have any questions regarding the collection, processing or use of your personal data or if you need information, rectification, erasure or blocking of your data or the revocation of consent granted or you have an objection to a particular use of the data, please contact our data protection officer directly:
Dr. Nick Howard, E-Mail: email@example.com, Telefon: 06122 / 12730