Data protection policy
The European General Data Protection Regulation (GDPR) that came into force on 25 May 2018 requires us to inform you about how we process your personal information. This includes informing you in some detail about your rights as an “affected individual” whose personal information we process.
This data protection policy explains the way, the scope and the purpose of collecting and using your personal details on the website: https://auftanken-statt-leerfahren.de/en/willkommen.html and http://www.recharge-yourself.net (hereinafter “website”) by Fisch im Wasser GmbH, Habsburgerring 3, 50674 Cologne (hereinafter “we” or “us”). Under data protection law, we are responsible for processing personal data through the website unless this data protection policy contains differing information.
Personal data is information that can be used to identify an individual, i.e. details that can be traced back to a person. These typically include your name, email address and telephone number. However, purely technical data that can be associated with a person is also considered personal data (e.g. login time, screen resolution etc.).
Contact details of the responsible party
If you have any questions about the website, please send an email to: firstname.lastname@example.org
If you have any questions about the global health campaign 2021, please send an email to: email@example.com
You have the right to request, free of charge, information concerning the personal data stored about you. You are also entitled to have inaccurate data corrected, to request a restriction to the processing of too extensively processed data and to request the deletion of personal data that was unlawfully processed or stored for too long (insofar as there is no legal obligation to retain this data or any other reason that precludes this request according to Article 17 (3) GDPR). Furthermore, you are entitled to be provided with all of the data we receive about you, from you, in a standard file format (right to data portability).
You have the right to object to the processing of data.
You can exercise your rights by sending an email to: firstname.lastname@example.org
In addition, you are also entitled to make a complaint to the data protection authority.
Voluntary provision of data
In general, providing your personal data on this website is not legally or contractually required. Providing your personal data on this website is voluntary. You are not obliged to enter your personal data on this website. Nevertheless, the functionality of this website necessitates the processing of your personal data. To register for the online tool of the BASF SE health campaign 2021 we need, as a minimum: Surname, name, email address, encrypted password, location of workplace.
Overview of procedures
On this website, personal data is processed as part of the following procedures:
- User data for the online tool of the health campaign 2021
- Contacting us
- Matomo Webanalytics
- External hosting: 1&1 IONOS SE
- Video playback
1. User data for the online tool of the health campaign 2021
The data is stored according to the user login in the database of the external hosting provider “IONOS” (more information in point 4). A session cookie is also used to check the activity status of the users’ browser session. The functionality of the session cookies is ensured by a series of numbers that are randomly generated by the server and cannot be associated with any personal information.
Data that can be associated with users’ accounts:
- User ID/email
- Surname, first name, encrypted password1, email, location
- Workplace (country)
- Agreement with physical fitness for sport statement
- Exercise plan (fitness data)
- Agreement to data protection policy
- Login data (date, time)
The information on the relevant training programme for you is stored in your user account. This information is also stored in the website database and is processed to enable website functionality. When you use the website again on the same terminal, the new details will overwrite the old information.
The lawfulness of data processing is subject to the consent of the affected individual according to Article 6 (1a) (GDPR). You can revoke your consent to this processing at any time. We are not obliged to appoint a data protection officer. The company is supported by external data protection consultation provided by Alarmstufe Red GmbH (Bettina Sandrock; St. Georg Str. 44; 86911 Dießen; email@example.com).
The resulting ID and associated data are processed based on Article 6 (1f) GDPR. This permission allows personal data to be processed within the scope of “legitimate interest” of the responsible part insofar as this does not override your fundamental rights, freedoms or interests. Our legitimate interest is in providing the functionality of the website.
For as long as the website is operational, all user data will continue to be periodically deleted (annually on 31 December).
All users have the option of deleting their account independently at any time. By deleting your account you are deleting all the information you have provided via the website.
2. Contacting us
When contacting us (for example by email or via the contact form), the information you enter will be stored for the purposes of processing your enquiry and in case there are any follow-up questions.
Information provided when contacting us will be processed on the basis of consent according to Article 6 (1a and 1f) GDPR. This permission allows personal data to be processed within the scope of “legitimate interest” of the responsible party insofar as this does not override your fundamental rights, freedoms or interests. Our legitimate interest is in handling your enquiry. You can revoke your consent to this processing at any time.
The personal data retained when you contact us will be deleted once the reason for the contact has been completely clarified and the specific reason for contacting us is not expected to be relevant in the future.
When contacting us via the contact form, you can choose a relevant topic (content-related questions, registration, my data). To enable us to provide targeted support, the enquiries are sent to different contact people depending on the selected topic. When selecting the topic “question about the content”, your enquiry is sent to both Fisch im Wasser GmbH and BASF SE. In all other specified cases your enquiry is only sent to Fisch im Wasser.
3. Matomo Webanalytics
This website uses Matomo Webanalytics, an open-source software tool that analyses the browsing behaviour of our users. Matomo is deactivated when you visit our website. Only when you actively provide consent will your user behaviour be anonymised and collected. Matomo does not transmit any data outside of the control of Fisch im Wasser GmbH. Without your consent, Matomo does not collect any session data.
Fisch im Wasser GmbH considers this analysis to be part of its service to BASF SE. It helps to further develop the website and adapt the functionality to better reflect user requirements. A report is also given to BASF SE. This report includes the following data:
- Number of clicks to the website (monthly)
- Number of registered users (monthly)
- Number of registered users per site
The reporting given to BASF SE only specifies the locations with more than 20 registered users. Locations with fewer than 20 registered users will be reported together as “other” or excluded from the report.
If you consent to web analysis via Matomo, the following data is collected when visiting subpages of this website:
- 2 bytes of the IP address of the users’ system that is visiting the site
- The visited website
- The website from which the user arrived at the visited website (referrer)
- The subpages that were accessed from the visited website
- How long a user stays on the website
- The frequency of the website visits
The software runs exclusively on our website servers.
We base the processing of personal data by Matomo on Article 6 (1a, 1f) GDPR. This permission allows personal data to be processed within the scope of legitimate interest of the responsible party insofar as this does not override your fundamental rights, freedoms or interests. Our legitimate interest is in analysing the use of our website. Matomo’s “Do Not Track” setting is activated, preventing your data being tracked as soon as you turn off global tracking.
If you are not sure if you have turned off global tracking, you can also manually deactivate this.
Partially deleting the IP addresses establishes a connection to an individual, which means only statistical data is stored.
4. External hosting: 1&1 IONOS SE
This website is hosted by an external provider (1&1 IONOS SE). Personal data collected on this website is stored on the servers of the host.
The host is used for the purposes of fulfilling the contract with our potential and existing clients (Article 6 (1b) GDPR) and in the interest of providing our online service safely, quickly and efficiently via a professional provider (Article 6 (1f) GDPR).
Our host will only process your data to the extent required to fulfil its service obligations and to follow our instructions relating to this data.
We have concluded a data processing contract with our external service provider brandmade, which guarantees the hosting via IONOS.
This data is not combined with other personal data that you actively provide when using the website. We collect server log files for the purposes of managing the website and identifying and safeguarding against unauthorised access. The server log files can be viewed for four weeks and are then automatically deleted.
The server log files are only used to safeguard property and prevent security breaches. We do not use these for marketing purposes.
IP addresses are assigned to every device (e.g. smartphone, tablet, PC) that is connected to the internet. The type of IP address depends on which internet access your end device is currently using to connect to the internet. It may be the IP address that your internet provider has assigned to you, for instance if you are at home and connected to the internet via your WLAN. However, this may also be an IP address that your mobile phone operator has assigned to you or the IP address of a public or private WLAN provider or other internet access. In the most common form at present (IPv4), the IP address consists of four number blocks. Usually, as a private user you won’t use a consistent IP address as this is only assigned to you temporarily by your provider (this is called a “dynamic IP address”). In principle, IP addresses that are assigned permanently (“static IP address”) make it much easier to associate this with user data. Other than for the purposes of tracking unauthorised access to our online service, we generally only use anonymised – not personal – data, to evaluate which of our webpages are most popular, to track the number of visits a day and to obtain similar information.
Our website already supports the new IPv6 addresses. If you already have an IPv6 address you should also be aware of the following: IPv6 addresses consist of eight blocks of four. The first four blocks, similarly to the IPv4 addresses, are typically assigned to private users as dynamic addresses. However, the last four blocks of an IPv6 address (the “interface identifier”) are determined by the device you are using to browse the website. Unless the setting in your operating system has been changed, the device’s MAC address is used. The MAC address is a type of unique serial number that is assigned to every IP-capable device globally. For this reason we do not store the last four blocks of your IPv6 address. Generally, we recommend you activate “privacy extensions” on your end device to improve the anonymisation of the last four blocks of your IPv6 address. Most standard operating systems have a privacy extensions function, however in some cases this is not activated as a default factory setting.
5. Video playback
At request, Vimeo will confirm the protection of your personal data. However, Fisch im Wasser and Vimeo have a joint responsibility, i.e. a joint controllership (controller-to-controller agreement). This means that the video content and occasionally also personal data (e.g. IP addresses) are transferred to the US region.
To ensure that your data cannot be traced, even in part, we have incorporated a “Do-Not-Track”-function in the embed code when programming the website. This prevents Vimeo from tracking settings with regard to your volume and playback status.
1Your password can at no time be viewed by the responsible persons for processing.