Privacy policy
# Privacy Policy for www.antworten-fuers-leben.de/en
## 1. General information
This privacy policy informs you about how we process your personal data when you visit our website or shop in our online store. Personal data is all information by which you can be personally identified.
## 2. Controller and Data Protection Officer
**Controller**
Scientology Hamburg e.V. [represented by the board]
Domstraße 9
20095 Hamburg
Germany
E-mail: [antworten.fuers.leben@gmail.com]
Phone: +49 40 3560070
**Data Protection Officer**
For all questions and suggestions regarding data protection you can contact our Data Protection Officer at any time at the postal address above with the addition “The Data Protection Officer” or by e-mail: hamburg@scientology.net
## 3. Server log files
When the website is used for informational purposes only — i.e. purely viewing without registration and without you otherwise providing information — we process the personal data that your browser transmits to our server. The data described below are technically necessary for us to display our website and to ensure stability and security and therefore must be processed by us. The legal basis is Article 6(1) sentence 1 lit. f GDPR (legitimate interest):
* IP address
* Date and time of the request
* Time zone difference to Greenwich Mean Time (GMT)
* Content of the request (visited page)
* Access status / HTTP status code
* Amount of data transferred
* Previously visited page
* Browser
* Operating system
* Language and version of the browser software
## 4. Data processing in connection with orders
When you place an order in our webshop, we process your personal data to fulfil your order. The following categories of data are processed:
* First and last name
* Billing and delivery address
* E-mail address
* Telephone number (optional)
* Order data (items, quantity, price)
* Payment data (depending on chosen payment method)
Mandatory data fields are marked separately; further information is voluntary. Processing is based on Article 6(1) sentence 1 lit. b GDPR (contract performance).
You may optionally create a customer account to save your data for future orders. Processing is likewise based on Article 6(1) lit. b GDPR. You can change or delete your data at any time in the customer area under “My Account”.
To prevent unauthorized third-party access to your personal data, the ordering process is encrypted using TLS technology.
## 5. Payment service provider
For payment processing we use the payment service provider PayPal. Provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
If you use PayPal to pay, your payment data will be transmitted to PayPal. The legal basis is Article 6(1) lit. b GDPR (contract execution) and, if applicable, Article 6(1) lit. f GDPR (legitimate interest in reliable payment handling).
PayPal may transfer personal data to countries outside the EU. PayPal indicates that it provides suitable safeguards within the meaning of Article 46 GDPR. PayPal’s privacy policy can be found at:
https://www.paypal.com/uk/legalhub/paypal/privacy-full
## 6. Shipping service providers
To deliver your order we pass on your address data to our shipping partners. The legal basis is Article 6(1) lit. b GDPR.
## 7. Cookies and analytics tools
We use cookies on our website to enable certain functions (for example shopping cart function, login), to evaluate usage statistically and to improve the user experience.
Technically necessary cookies are used on the basis of Article 6(1) lit. f GDPR. For all other cookies we obtain your consent in accordance with Article 6(1) lit. a GDPR via our cookie banner.
You can change your settings at any time via the “Cookie Settings” in the website footer.
To design our web pages to meet demand we create pseudonymous usage profiles using Google Analytics. Google Analytics uses targeting cookies that are stored on your device and can be read by us.
In this way we are able to recognise returning visitors and count them and learn how frequently our web pages were accessed by different users. The data processing is carried out on the basis of Article 6(1) lit. a GDPR (consent).
Information generated by the cookie about your use of our website is normally transferred to a Google server in the USA and stored there.
Because we have enabled IP anonymisation on our website, your IP address is shortened by Google beforehand within Member States of the European Union. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
We have concluded a contract for commissioned processing with Google LLC (USA) under Article 28 GDPR. Google will therefore use all information only for the strictly defined purposes of evaluating our website usage and compiling reports about website activity.
Cookie names and retention:
* \_ga — Helps count how many people visit our website — 2 years
* \_gid — Helps count how many people visit our website — 24 hours
* \_gat — Used to control the request rate — 1 minute
You can revoke the consent you have given at any time. Use the cookie settings on our website, inform us of the revocation, or use the browser plugin to deactivate:
https://tools.google.com/dlpage/gaoptout?hl=en-GB
Further information on data protection at Google:
https://policies.google.com/privacy?hl=en-GB
## 8. Contact form
If you contact us via the contact form, the information you provide including your contact details will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. Processing is based on your consent under Article 6(1) lit. a GDPR. You may withdraw this consent at any time.
## 9. Storage duration
We store your personal data only as long as is necessary for the respective processing purposes or statutory retention obligations exist.
Under tax and commercial law requirements (in particular Sections 147 AO, 257 HGB, 14b UStG) we are obliged to retain certain data for up to ten years:
* Contract-related documents: 6 years
* Accounting documents (invoices, delivery notes etc.): 10 years
* Retention obligation under value-added tax law: 8 to 10 years
## 10. Your rights as a data subject
You may assert your rights as a data subject with respect to your processed personal data at any time by contacting us at the contact details given above (see section 2). You have the right to:
* According to Article 15 GDPR: to request access to your data processed by us.
* According to Article 16 GDPR: to request correction of incorrect or completion of incomplete data.
* According to Article 17 GDPR: to request deletion of your data insofar as processing is not necessary for freedom of expression and information, compliance with a legal obligation, public interest, or for the assertion, exercise or defence of legal claims.
* According to Article 18 GDPR: to request restriction of processing, insofar as the accuracy of the data is disputed or processing is unlawful.
* According to Article 20 GDPR: to receive the data you provided to us in a structured, commonly used and machine-readable format, or to request transmission to another controller (“data portability”).
* According to Article 21(1) GDPR: to object at any time, for reasons arising from your particular situation, to processing of your personal data based on a legitimate interest (Article 6(1) lit. f GDPR); we will then stop processing unless there are compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
* According to Article 21(2) and (3) GDPR: to object at any time to processing for direct marketing purposes, with the result that your personal data will no longer be processed for those purposes.
* According to Article 7(3) GDPR: to withdraw any consent you have given at any time with effect for the future. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
* According to Article 77 GDPR: to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that processing of your personal data violates the GDPR or other data protection laws.
## 11. Transfer of data to third countries
Transfer of personal data to countries outside the EU/EEA (so-called third countries) takes place only if it is necessary for the execution of your orders, legally required or you have given your consent.
An example is the transfer of data to payment service providers such as PayPal or to Google in the context of the use of Google Analytics. In these cases we ensure that the recipient either benefits from an adequacy decision by the European Commission or that appropriate safeguards in accordance with Articles 44 et seq. GDPR (e.g. standard contractual clauses) are in place.
## 12. No automated decision-making (including profiling)
We do not intend to use personal data collected from you for automated decision-making processes (including profiling).
## 13. Changes to this privacy policy
We reserve the right to amend this privacy policy from time to time in order to adapt it to legal requirements or changes to our services. The new privacy policy will apply on your next visit.
---
## Hosting and Content Delivery Networks (CDN)
**Shopify**
We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter: “Shopify”).
Shopify is a tool to create and host web pages. When you visit our website, Shopify records your IP address as well as information about the device and browser you use. Shopify also analyses visitor numbers, visitor sources and customer behaviour and creates user statistics. If you make a purchase on our website, Shopify also records your name, e-mail address, delivery and billing addresses, payment data and other data connected with the purchase (e.g. telephone number, amounts of purchases etc.). For analytics Shopify stores cookies in your browser.
Details can be found in Shopify’s privacy policy:
https://www.shopify.com/legal/privacy
The use of Shopify is based on Article 6(1) lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. Where corresponding consent is requested, processing takes place exclusively on the basis of Article 6(1) lit. a GDPR; consent may be revoked at any time.
## SSL / TLS encryption
This site uses SSL / TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognise a secure connection by the change from “http\://” to “https\://” in the browser address line and by the lock symbol in your browser line.
When SSL / TLS encryption is activated, the data you transmit to us cannot be read by third parties.
## Encrypted payment transactions on this website
If, after conclusion of a paid contract, there is an obligation to transmit your payment data to us (e.g. account number for direct debit authorisation), these data are required for payment processing.
Payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL / TLS connection. A secure connection can be recognised by “https\://” and the lock symbol in your browser.
With encrypted communication your payment data cannot be read by third parties.
## Payment services
We integrate payment services of third-party companies on our website. If you make a purchase, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for payment handling. For these transactions the contractual and privacy terms of the respective providers apply. The use of the payment service providers is based on Article 6(1) lit. b GDPR (contract performance) and in the interest of a smooth, comfortable and secure payment process (Article 6(1) lit. f GDPR). Where consent is requested for certain actions, Article 6(1) lit. a GDPR is the legal basis for processing; consents can be revoked at any time.
The following payment services / payment providers are used on this website:
**Apple Pay**
Provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy (UK):
https://www.apple.com/legal/privacy/en-GB/
**Google Pay**
Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy:
https://policies.google.com/privacy?hl=en-GB
**Klarna**
Provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”). Klarna offers various payment options (e.g. instalment payments). If you choose to pay with Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimise the use of the Klarna Checkout solution. Details on the use of Klarna cookies can be found here:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/en\_gb/checkout.pdf
Details can be found in Klarna’s privacy policy:
https://www.klarna.com/gb/privacy/](https://www.klarna.com/gb/privacy/
---
## Audio and Video Conferences
**Data processing**
For communication with our customers we use online conferencing tools among others. The specific tools used are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conferencing tool.
The conferencing tools record all data you provide or use to use the tools (e-mail address and/or telephone number). In addition, the conferencing tools process the duration of the conference, start and end times (time) of participation in the conference, number of participants and other “context information” in connection with the communication (metadata).
Furthermore, the tool provider processes all technical data required for conducting the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speakers and the type of connection.
If content is exchanged, uploaded or otherwise provided within the tool, it may also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during use of the service.
Please note that we do not have full control over the processing activities of the tools used. Our possibilities are governed to a large extent by the corporate policies of the respective provider. Further information on data processing by the conference tools can be found in the privacy statements of the tools used, which are listed below.
**Purpose and legal bases**
The conference tools are used to communicate with prospective or existing contracting parties or to provide certain services to our customers (Article 6(1) lit. b GDPR). In addition, the use of the tools serves to simplify and speed up communication with us (legitimate interest within the meaning of Article 6(1) lit. f GDPR). Where consent is requested, the use takes place on the basis of that consent; consent can be withdrawn for the future.
**Storage duration**
Data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, withdraw consent to storage or the purpose for storing the data ceases to apply. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data retained by the operators of the conferencing tools for their own purposes. For details please consult the operators’ privacy statements.
**Conferencing tools used**:
* **Zoom**
We use Zoom. Provider of this service is Zoom Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy statement:
https://www.zoom.com/en/trust/privacy-statement/
Data transfers to the USA are based on the European Commission’s standard contractual clauses. Details can be found at:
https://www.zoom.com/en/trust/privacy-statement/
---
## Plugins and Tools
**YouTube**
This website embeds videos from YouTube. The operator of YouTube is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our web pages containing embedded YouTube content, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.
YouTube may store cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, to improve user friendliness and to detect fraud.
If you are logged into your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Article 6(1) lit. f GDPR. Where corresponding consent has been requested, processing takes place solely on the basis of Article 6(1) lit. a GDPR; consent may be withdrawn at any time.
More information on how YouTube handles user data can be found in Google’s privacy policy:
https://policies.google.com/privacy?hl=en-GB
---
## Analysis Tools and Advertising
**Facebook Pixel**
This website uses Facebook conversion pixels for conversion measurement. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The data collected may also be transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they click on a Facebook advertisement and are transferred to the website of the provider. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising to be optimized.
The data collected are anonymous to us as the website operator; we cannot draw conclusions about the identity of users. Nevertheless, Facebook stores and processes the data so that a connection to the respective user profile is possible and Facebook may use the data for its own advertising purposes in accordance with Facebook’s data use policy. This can enable Facebook to display advertising on and off Facebook. This use of data can no longer be influenced by us as the site operator after transmission.
The use of the Facebook Pixel is based on Article 6(1) lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. Where corresponding consent is requested (for example consent to the storage of cookies), processing takes place solely on the basis of Article 6(1) lit. a GDPR; consent may be withdrawn at any time.
Data transfers to the USA are based on the European Commission’s standard contractual clauses. Details can be found here:
https://www.facebook.com/legal/EU\_data\_transfer\_addendum
and
https://www.facebook.com/help/566994660333381
As far as personal data are collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited to the collection of the data and its transmission to Facebook. Further processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent on us have been laid down in a Joint Controller Addendum. The wording of the agreement can be found here:
https://www.facebook.com/legal/controller\_addendum
According to this agreement we are responsible for providing the data protection information when using the Facebook tool and for implementing the tool in compliance with data protection law on our website. Facebook is responsible for the data security of Facebook products. Subject rights (e.g. access requests) regarding data processed by Facebook can be asserted directly at Facebook. If you assert subject rights with us, we are obliged to forward these to Facebook.
Further information on privacy protections at Facebook can be found here:
https://www.facebook.com/policy.php?lang=en-GB
You can also deactivate the remarketing feature “Custom Audiences” in Facebook Ad Settings at:
https://www.facebook.com/ads/preferences/?entry\_product=ad\_settings\_screen
(You must be logged into Facebook for this.)
If you do not have a Facebook account, you can disable interest-based advertising from Facebook at the European Interactive Digital Advertising Alliance page:
https://www.youronlinechoices.com/uk/panel/?tid=4