1. Introductory note
We, the International Baptist Church of Düsseldorf, thank you for visiting our website. As a church, the safe handling of your data is especially important to us. The International Baptist Church of Düsseldorf is a member of the German Baptist Union, a public sector church body whose official title is “Bund Evangelisch-Freikirchlicher Gemeinden in Deutschland K.d.ö.R.” (abbreviated to GBU; website available at www.baptisten.de) and is therefore not subject to the EU GDPR. Instead, the GBU’s own general data protection regulation (hereinafter referred to as “GBU-DPR” and available for viewing at www.baptisten.de/dso) applies.
We therefore wish to offer you detailed information concerning the data controller and the use of your data when visiting our website:
a) Personal Data: any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”; a natural person is considered as being identifiable, directly or indirectly, where he/she can be identified in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person;
b) Special Data: Personal Data indicating racial and ethnic origin, political opinions, religious or ideological beliefs or trade union affiliation, as well as genetic or biometric data permitting the unique identification of a natural person, and health or sexual or sexual orientation data of a natural person;
c) Processing: any process or series of operations related to Personal Data performed with or without the aid of automated procedures, such as collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by means of transfer, dissemination or any other form of provision, matching or linking, restriction, erasure or destruction;
d) Recipient: any natural person or legal entity, public authority, agency or other body to which Personal Data is disclosed, irrespective of whether or not this be a third party;
e) Third Country: any country which is not a member of the European Union;
f) Office of the German Baptist Union: any church congregation which is a member of the German Baptist Union, the Community of Brethren Congregations, or any working branch or body of the German Baptist Union;
g) Data Controller: any office of the German Baptist Union which, acting alone or in conjunction with others, decides on the purposes and means of processing Personal Data;
h) Processor: any natural person or legal entity – or, if the Data Controller belongs to another legal entity, an office of the German Baptist Union – that processes Personal Data on behalf of the Data Controller;
i) Third Party: any natural person or legal entity, public authority, independent church congregation or body other than the data subject, the Data Controller, the Processor and the individuals or entities authorized to process the Personal Data under the direct responsibility of the Data Controller or Processor;
j) Anonymization: shall mean the Processing of Personal Data in such a manner that the Personal Data is no longer able to be brought into association with a specific data subject or is only able to be brought into association with an identified or identifiable person where a great deal of time, cost and manpower is expended.
k) Pseudonymization: the Processing of Personal Data in such a way that Personal Data can no longer be brought into association with a specific data subject without the need for additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal Data is not allocated to any identified or identifiable natural person;
l) File System: any structured collection of Personal Data accessible by specific criteria, irrespective of whether such collection be centralized, decentralized or organized by functional or geographical criteria;
m) Supervisory Body / Data Protection Council: an independent Office of the German Baptist Union which monitors compliance with the data protection regulation;
n) National Data Protection Officer: the Data Protection Officer appointed by the Board of the German Baptist Union (hereinafter abbreviated to: National Officer);
o) Restriction of Processing: the marking of stored Personal Data in order to limit future Processing thereof;
p) Expression of Consent: any expression of wish made by the data subject voluntarily, unambiguously and in an informed manner in the form of a statement/declaration or any other unambiguous affirmative act by which the data subject indicates that he/she agrees to the Processing of the Personal Data concerning him or her.
3. Data Controller
The Data Controller within the meaning of the data protection regulation (GBU-DPR) is:
The International Baptist Church of Düsseldorf
Am Bauenhaus 30
The International Baptist Church of Düsseldorf is represented by Mr. André Huppertz (church leader).
In the event of any general queries or suggestions regarding data protection, we can be contacted at any time by telephone on +49 (0) 211 965 3683 or by e-mail at firstname.lastname@example.org.
4. Collection of data:
The International Baptist Church of Düsseldorf website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The following may be recorded:
a) The browser types and versions used,
b) The operating system used by the accessing system,
c) The web page from which an accessing system comes to our website (so-called referrer),
d) The sub-web-pages to which the user is directed by an accessing system on our website,
e) The date and time of access to the web page,
f) An internet protocol address (IP address),
g) The Internet service provider of the accessing system, and
h) Other similar data and information used to help fend off attacks on our information technology systems.
In using this general data and information, the International Baptist Church of Düsseldorf draws no conclusions regarding the data subject. Rather, this information is needed in order to
a) Deliver the content of our website properly,
b) Optimize the content of our website and advertising for it,
c) Ensure the permanent functioning of our information technology systems and the technology of our website, and
d) Provide law enforcement agencies with necessary information for prosecution in the event of a cyber attack.
This anonymously collected data and information is evaluated by the International Baptist Church of Düsseldorf statistically and with the aim of enhancing privacy and data security in our church congregation in order, ultimately, to ensure an optimum level of protection for the Personal Data processed by us. The anonymous data of the server log files is stored separately from all Personal Data provided by a data subject.
5. Statutory or contractual provisions pertaining to the provision of Personal Data; Requirements for entry into a contract; Obligation of the data subject to provide Personal Data; Potential consequences of non-provision
We wish to point out that the provision of Personal Data is, in some cases, required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contracted party). From time to time, when entering into a contract, it may be necessary for a data subject to provide us with Personal Data that must subsequently be processed by us. For example, the data subject is obliged to provide us with Personal Data where our church congregation enters into a contract with him/her. Failure to provide the Personal Data would mean that the contract with the person concerned would not be able to be entered into. Prior to any provision of Personal Data by the data subject, the data subject must contact the person responsible in our church congregation. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the Personal Data is required by law or under contract or is required for purposes of entry into the contract, and whether there is an obligation to provide the Personal Data, and what the consequence of failing to provide the Personal Data would be.
6. What data is collected and stored?
It is not necessary to provide Personal Data in order to visit our website. Personal Data are individual details concerning personal and factual circumstances of a certain or identifiable individual (see GBU-DPR, Sect. 3 Para. 1), i.e. data that enables conclusions to be drawn concerning an individual. Such data is only collected or stored by us where you voluntarily provide us with the data, for example when contacting us via the contact form.
Where the contact form is used, we collect the following data:
· E-mail address
· Telephone number
· The subject matter concerning you
· Documents submitted by you containing Personal Data
Personal Data provided voluntarily is collected, stored and processed solely for the purpose of establishing contact. Your data will not be forwarded to third parties. Of course, when using your data, we pay attention to the compliance with data protection regulations of the GBU-DPR.
However, you still have the option to prevent the storage of cookies on your own computer by changing the corresponding settings in your browser program. However, this may lead to a limited functionality of our website.
8. Use of Google Analytics for web analysis
We use Google Analytics, a web analysis service of Google Inc. (“Google”), on our website. Google Analytics uses so-called “cookies”, text files that are stored on your computer and allow your use of our website to be analyzed.
The information generated by the cookie about your use of this website (including your IP address) will be transmitted to, and stored by, Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services related to website activity and Internet usage.
Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. You can prevent the installation of cookies by setting your browser software accordingly; however, we point out that you may not be able to use all functions of this website in full in this case. By using this website, you consent to the processing of data concerning you by Google in the manner and for the purposes set out above.
You can object to the collection and storage of your data at any time with effect for the future. In view of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that in order to exclude direct personal referencing, IP addresses are only shortened on this website because we use Google Analytics with the extension “_anonymizeIp ()”.
You can prevent the collection of the data (including your IP address) generated by the cookie and related to your use of the website from Google as well as the processing of this data by Google by downloading and installing the browser plug-in available via the following link: https://www.radtke-partner.de/gaoptout
9. Social media
In addition to this website, we also maintain presences on various social media. If you visit such a presence, Personal Data may be transmitted to the provider of the social network. It is possible that in addition to the storage of the data you have actually entered in such social media, other information may also be collected, processed or used by the provider of the social network.
In addition, if necessary, the social network provider collects, processes and uses the most important data of the computer system from which you visit it – for example your IP address, the processor type used, the browser version and plug-ins.
If, while visiting such a social network, you are logged in using your personal user account issued by the relevant network, such network will be able to assign the visit to this account. If you do not wish such an assignment to be made, you must log out of your account before visiting our presence.
For the purpose and extent of data collection by the respective social network, and further processing and use of your data and your relevant rights, please refer to the respective terms of the relevant network:
Facebook terms (https://www.radtke-partner.de/fbdatenschutz)
Twitter terms (https://www.radtke-partner.de/tdatenschutz)
10. Social media plug-ins
Our website contains programs (“social plug-ins”) of the Facebook social network. These are exclusively from Facebook Inc., based in Europe: Facebook Ireland Ltd, Hanover Reach, 5-7 Hanover Quay 2 Dublin IRELAND, operated and featured on our site by the Facebook logo and / or the addition “Like”. When you visit our website, your browser does not yet create a direct connection to the Facebook server and does not provide this information. Only by clicking on the Facebook button is this information transmitted directly to Facebook and stored there. If, while visiting our website, you are logged onto Facebook via your personal user account, Facebook is able to assign the website visit to your account. If you want to prevent such data transmission, please log out before visiting our page on Facebook. The provider currently has no influence on the nature and extent of the data collected by Facebook, which is why this information is based on the current state of knowledge. Even if the visitor does not use Facebook, it may be that Facebook obtains and stores the user’s IP address. Facebook says that, in Germany, it only stores an anonymized IP address.
If you have any questions regarding the collection, Processing or other use of your Personal Data, please contact the Facebook Ireland data protection officer at https://www.radtke-partner.de/fbdatenschutzbeauftragter
Our website may contain links to the websites and pages of other providers. As we have no influence over such websites, the user is advised to inquire about the privacy information that may be provided there. We assume no responsibility for the contents of the linked-to websites and pages.
On the website of the International Baptist Church of Düsseldorf users have the opportunity to subscribe to our church newsletter. Which Personal Data is transmitted to the Processing controller when the newsletter is ordered depends upon what is entered to the input screen used for this purpose.
The International Baptist Church of Düsseldorf uses a newsletter to keep visitors, friends and members regularly informed of events, etc. on offer within the church congregation. Our church newsletter is only able to be received by the data subject if
a) the data subject has a valid e-mail address and
b) the data subject registers to receive the newsletter.
For legal reasons, using the double-opt-in procedure, a confirmation email is sent to the e-mail address initially entered by the data subject for purposes of the newsletter mailing. This confirmation email is used to check whether the owner of the email address, in his/her position as data subject, authorizes the sending/receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to be able to verify the (potential) misuse of a data subject’s email address at a later date, and therefore serves as legal safeguards for the person or entity responsible for Processing.
The Personal Data collected within the newsletter subscription process is used exclusively for purposes of sending out our newsletter. In addition, subscribers to the newsletter may be notified by email if necessary for operational purposes associated with the newsletter service or registration, as may be the case in the event of changes to the newsletter offering or technical changes. Personal Data collected within the context of the newsletter service shall not be forwarded to Third Parties. Subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of Personal Data that the data subject has given us for the newsletter mailing may be revoked at any time. Each newsletter contains a link by which consent may be revoked. It is also possible to unsubscribe from the newsletter at any time, either directly via the Processing controller’s website, or by informing the Processing controller in a different manner.
13. Newsletter tracking
The newsletters of the International Baptist Church of Düsseldorf contain so-called counting pixels. A counting pixel is a miniature graphic embedded in such emails sent in HTML format to enable log file recording and log file analysis. This permits statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel, the International Baptist Church of Düsseldorf is able to detect if, and when, an e-mail was opened by a data subject, and which links in the e-mail have been accessed by the data subject.
Such Personal Data collected by means of the counting pixels contained in the newsletters will be stored and evaluated by the Processing controller for purposes of optimizing the mailing of the newsletter and adapting the content of future newsletters to the interests of the data subject. Such Personal Data will not be disclosed to third parties. Data subjects are at all times entitled to revoke the relevant separate declaration of consent made via the double-opt-in procedure. Following withdrawal of consent, such Personal Data will be erased by the Processing controller. Where the newsletter is unsubscribed, the International Baptist Church of Düsseldorf shall interpret this automatically as withdrawal of consent.
14. Embedded videos from external websites
Some of our pages carry embedded content from YouTube or Instagram. Retrieval of any of these pages does not result in Personal Data other than the IP address being transmitted to the service provider. The IP address is transmitted, in the case of YouTube, to Google Inc., 600 Amphitheater Parkway, Mountain View, CA 94043, USA, and, in the case of Instagram, to Instagram Inc., 181 South Park Street Suite 2 San Francisco, California 94107, USA.
15. Data security
We safeguard our website and other systems by technical and organizational means against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Despite regular checks, total protection against all risks is impossible.
Parts of the website use industry standard SSL (secure sockets layer) encryption. This ensures the confidentiality of your personal information over the Internet.
16. Updating and erasure of your Personal Data
You have the opportunity at any time to review, amend or erase the Personal Data provided to us by sending us an email at email@example.com. If you are a member of our church, you can also register you wish your wish there not to receive future notifications.
Likewise, after giving statements of consent, you are entitled to withdraw them at any time, effective henceforth.
Stored Personal Data will be erased when you withdraw your consent to its being stored.
The Processing controller shall process and store the Personal Data pertaining to the data subject only for such period as be necessary to achieve the purpose of storage, or where this has be prescribed by the giver of European directives or regulations or by any other legislator as part of laws or regulations to which the Processing controller is subject.
Where the purpose of storage ceases to exist, or where a storage period prescribed by the giver of European directives and regulations or any other relevant legislator expires, the Personal Data shall be routinely blocked or erased in accordance with the statutory provisions.
17. Rights of data subjects
Each data subject has the right to ask the Processing controller for confirmation of whether he/she/it processes Personal Data pertaining to him or her. If a data subject wishes to avail him or herself of this right to obtain confirmation, he or she may at any time contact our Data Protection Officer or a member of our staff representing the Processing controller.
Any person affected by the Processing of Personal Data is entitled at any time to be informed by the Processing controller free of charge as to which Personal Data is stored concerning him or her, and to receive a copy of such details. Furthermore, there exists a right to information concerning the following information (GBU-DPR, Sect. 11):
· the Processing purposes;
· the categories of Personal Data;
· the recipients to whom the Personal Data has been disclosed;
· where possible, the planned duration for which the Personal Data is stored, or, where this is not possible, the criteria for determining such duration;
· the existence of a right to rectification or erasure of the Personal Data concerning them or to restriction of Processing by the Responsible Party or the existence of a right to object to such Processing;
· the existence of a right of appeal to the Data Protection Council;
· Information concerning the origin of the data.
If a data subject wishes to avail him or herself of this right of access, he or she may at any time contact our Data Protection Officer or a member of our staff representing the Processing controller.
Every person affected by the Processing of Personal Data has the right to demand immediate rectification of incorrect Personal Data concerning them (GBU-DPR, Sect 12). Furthermore, the data subject has the right, with due regard to the purposes of Processing, to demand completion of incomplete Personal Data – also by means of a supplementary declaration (GBU-DPR, Sect. 12 Para. 2).
If a data subject wishes to avail him or herself of this right of rectification, he or she may at any time contact our Data Protection Officer or a member of our staff representing the Processing controller.
Any person affected by the Processing of Personal Data also has the right to require the controller to delete the Personal Data concerning him or her without delay, provided that one of the following reasons is satisfied and insofar as the Processing is not required:
· The Personal Data has been collected or otherwise processed for such purposes for which they are no longer required.
· The data subject withdraws his or her consent (GBU-DPR, Sect. 6 Para. 3), upon which the Processing as per GBU-DPR Sect. 6 Para. 1 or Sect. 8 Para. 2a was based, and there exists no other legal basis for the Processing.
· The data subject lodges an objection under GBU-DPR Sect. 16 Para. 1 to the Processing, and there exist no prior justifiable grounds for the Processing.
· The Personal Data has been processed unlawfully.
· Erasure of the Personal Data is required to fulfil a legal obligation under the law of canons, EU law or the law of the member states to which the controller is subject.
Where one of the above reasons applies and a data subject wishes to have Personal Data held by the International Baptist Church of Düsseldorf erased, he or she may contact our data protection officer or one of our Processing controllers’ employees at any time. This person will then see to it that the request for erasure is complied with straight away.
Where Personal Data has been made public by the International Baptist Church of Düsseldorf and the latter bears responsibility under Sect. 13 Para. 1 of the GBU-DPR for the erasure of the Personal Data, the International Baptist Church of Düsseldorf shall, taking due account of the available technology and costs of implementation, take appropriate measures, including those of a technical nature, to inform data Processing controllers who process the published Personal Data that the data subject has demanded that such other data Processing controllers erase all links to such Personal Data and to copies or replications of such Personal Data, insofar as Processing is not a necessity. The data protection officer of the International Baptist Church of Düsseldorf or other member of staff shall make the necessary arrangements on a case-by-case basis.
Any person affected by the Processing of Personal Data also has the right under Sect. 14 of the GBU-DPR to require the controller to restrict the Processing of data where one of the following conditions is met:
· The accuracy of the Personal Data is contested by the data subject for such period of time as enables the controller to verify the accuracy of the Personal Data.
· The Processing is unlawful, the data subject refuses to allow the Personal Data to be erased and instead requests that the use of Personal Data be restricted.
· The controller no longer requires the Personal Data for the purposes of Processing, but the data subject requires them for purposes of asserting, exercising or defending legal claims or entitlements.
· The data subject has objected to the Processing under Sect. 16 Para. 1 of the GBU-DPR, and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
Where one of the above conditions exists and a data subject wishes to require that Personal Data held by the International Baptist Church of Düsseldorf be restricted, he or she may contact our data protection officer or our member of staff at any time. This person shall then cause the restriction of Processing to be applied.
Any data subject whose Personal Data is subjected to Processing has the right to receive, in a structured, commonly used and machine-readable format, the Personal Data pertaining to him or her which has been provided by him or her to a controller. Such person also has the right to transfer such data to another controller without hindrance by the controller to whom the Personal Data has been provided, that the Processing is carried out under an expression of consent pursuant to Sect. 5 Para. 1a or Sect. 8 Para. 2 of the GBU-DPR or under a contract pursuant to Sect. 5 Para. 1b of the GBU-DPR and that the Processing is undertaken by automated means, unless the Processing be necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.
Any data subject affected by the Processing of Personal Data is entitled, at any time for reasons arising out of their particular situation, to lodge an objection to the Processing of Personal Data pertaining to them where such Processing is conducted under Section 5 Para. 2 e), f) or g) of the GBU-DPR. This also applies to profiling based upon such provisions.
In the event of an objection, the International Baptist Church of Düsseldorf longer Processes the Personal Data unless we can demonstrate compelling legitimate grounds for Processing that outweigh the interests, rights and freedoms of the data subject, or where the Processing is in the interests of asserting, exercising or defending legal claims or entitlements.
Where the International Baptist Church of Düsseldorf processes Personal Data in order to undertake direct marketing promotion, the data subject has the right to object at any time to the Processing of Personal Data for such promotional purpose. This also applies to profiling insofar as this be associated with such direct marketing. Where the data subject lodges an objection with the International Baptist Church Düsseldorf to Processing for the purpose of direct marketing, the International Baptist Church of Düsseldorf shall no longer process the Personal Data for such purposes.
In addition, the data subject has the right, for reasons that arise from his or her particular situation, to lodge an objection to the Processing of Personal Data pertaining to them which is carried out at the International Baptist Church of Düsseldorf for scientific or historical research purposes or for statistical purposes pursuant to Sect. 13 Para. 3 Item 4 of the GBU-DPR unless such Processing is necessary to comply with a public interest.
In order to exercise the right of objection, the data subject may contact a member of the International Baptist Church of Düsseldorf staff directly.
Any data subject affected by the Processing of Personal Data has the right not to be subjected to a decision which is based solely on automated Processing, including profiling, and which has a legal impact on him or her or impinges materially upon him or her in a similar manner insofar as such decision
a) is not required for the conclusion or performance of a contract between the data subject and the controller, or
b) is permitted under legal regulations of the German Baptist Union, the European Union or its member states to which the controller is subject, and such legal regulations contain appropriate measures for the safeguarding of the rights, freedoms and legitimate interests of the data subject, or
c) is taken with the express consent of the data subject.
Where the decision is
a) required for the conclusion or performance of a contract between the data subject and the controller, or
b) where it is taken with the express consent of the data subject, the International Baptist Church of Düsseldorf shall take reasonable action to safeguard the rights and freedoms and legitimate interests of the data subject, including as a minimum the right to secure the intervention of a person acting for the controller, the right to explain one’s own point of view, and the right to challenge the decision.
If the data subject wishes to avail him or herself of rights with regard to automated decisions, he or she may at any time contact our Data Protection Officer or a member of our staff representing the Processing controller.
Any data subject affected by the Processing of Personal Data has the right to withdraw consent to the Processing of Personal Data at any time.
If the data subject wishes to avail him or herself of his or her right to withdraw any consent, he or she may at any time contact our Data Protection Officer or a member of our staff representing the Processing controller.
18. Legal basis for Processing
Sect. 5 Para. 2 of the GBU-DPR acts as a legal basis for our Processing operations for which we obtain consent for a particular Processing purpose. Where the Processing of Personal Data is necessary to fulfill a contract to which the data subject is party, as is the case for example with Processing operations necessary for the supply of goods or the provision of any other service or consideration, Processing shall be based upon Sect. 5 Para. 2. d) of the GBU-DPR. The same applies to Processing operations that are necessary to carry out pre-contractual measures. Where we are subject to a legal obligation requiring Processing of Personal Data, for example for purposes of meeting tax obligations, the Processing shall be based upon Sect. 5 Para. 2 d) of the GBU-DPR. In rare cases, the Processing of Personal Data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, where a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Processing would then be based upon Sect. 5 Para. 2 e) of the GBU-DPR. Ultimately, Processing operations could be based upon Sect. 5 Para. 2 f) to h) of the GBU-DPR. Processing operations that are not covered by any of the above legal bases and are required in order to safeguard the legitimate interest of our church congregation or a third party, unless the interests, fundamental rights and freedoms of the person concerned prevail, are undertaken on this legal basis. The same applies to such Processing activities which be necessary for the performance of a task which is in the interest of the German Baptist Union or which serves journalistic purposes of the German Baptist Union.
19. Notice of changes
Changes to the law or changes to our internal processes may necessitate adaptation of this data privacy notice. In the event of such a change, we must notify you of this no later than six weeks before it enters into force and effect. You have a general entitlement (No. 19) to withdraw consent which you have previously given. Please note that (unless you exercise your right to withdraw consent) the version of the data privacy notice as amended from time to time shall apply.
20. Your controller / point of contact for data protection matters
If you have any questions regarding the collection, Processing or use of your Personal Data or if you desire information, rectification, erasure or blocking of your data or wish to withdraw expressions of consent previously granted or to object to a certain use of the data, please contact our data protection officer directly:
Mr. André Huppertz,
Version dated: May 25, 2018