Information on the collection of personal data and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is ‘reSAILience e.V., Dreimühlenstraße 30, 80469 München, info@resailience.org’, represented by the Executive Board Hendrik Brüggemann, Tjada Schult and Philipp Seifert. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string ‘https://’ and the lock symbol in your browser line.
Data collection when visiting our website
2.1. If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called ‘server log files’). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
2.2 We host the content of our website with the following provider: IONOS
The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files including your IP addresses. Details can be found in the IONOS privacy policy:
https://www.ionos.de/terms-gtc/terms-privacy.
The use of IONOS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
2.3 Friendly Captcha
Our website uses the ‘Friendly Captcha’ service.
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is an innovative, data protection-friendly safeguard solution to make it more difficult for automated programmes and scripts (so-called ‘bots’) to use our website.
For this purpose, we have integrated a programme code from Friendly Captcha into our website, for example for contact forms, so that the visitor's terminal device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's terminal device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the terminal device. Depending on the result, we can add security rules to requests via our website and, for example, process or reject them.
The data is used exclusively to protect against spam and bots as described above.
Friendly Captcha does not set or read any cookies on the visitor's terminal device.
P addresses are only stored in hashed, i.e. one-way encrypted form and do not allow us or Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted within 30 days.
The legal basis for the processing is our legitimate interests in protecting our website from abusive access by bots, i.e. spam protection and protection against attacks such as mass requests), Article 6(1)(f) (GDPR).
Further information on data protection when using Friendly Captcha.
We process the following health data as part of the registration and organisation of a sailing trip:
We process the health data provided by you exclusively for the following purposes:
The operators of the data centres commissioned by reSAILience do not have access to keys or unencrypted health data.
The personal data provided by you or collected by us will not be used for automated decision-making.
Health data will not be passed on, sold or otherwise transferred to third parties. Anything else shall only apply if this is necessary for the fulfilment of the communicated or agreed purposes and is permitted under applicable data protection law without consent, if you have explicitly consented or if we are legally obliged to do so.
We only store your health data for as long as is necessary for the preparation and realisation of the sailing trips.
The declaration of consent can be revoked at any time, with effect from the time of revocation. Consent can be revoked at the following address: via email to info@resailience.org or via post to reSAILience e.V., Dreimühlenstraße 30, 80469 München.
Making of contact
Personal data is collected when you contact us (e.g. via contact form or e-mail). Which data is collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your enquiry. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no statutory retention obligations to the contrary.
Twingle donation form
We use a donation form from twingle (twingle GmbH, Prinzenallee 74, 13357 Berlin). Your data entered in the donation form will be passed on to twingle in order to process your donation in accordance with Art. 6 para. 1 lit. b) GDPR. The data is processed by twingle exclusively in ISO27001-certified data centres in Germany and transmitted to us via a secure connection with state-of-the-art data encryption. The payment data is also transferred directly to the respective payment service provider using this encrypted connection. Current information about the security procedure used and data processing can be found here: twingle.de/datenschutz.
Web analysis services
Matomo (formerly Piwik) without cookies
Certain user information is collected and stored on this website using the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (‘Matomo’). Pseudonymised user profiles can be created and evaluated from this information.
The information collected using Matomo technology (including your pseudonymised IP address) is processed on our servers.
This website uses Matomo exclusively without the use of cookies, which means that Matomo does not set cookies on your terminal device at any time.
If personal data is also processed in the described procedures, the processing is carried out on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR.
YouTube with extended data protection
This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is embedded, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Data is only transferred to YouTube when you click to enable the connection to YouTube. If you authorise the connection, your decision will be saved in your browser's local memory. You can delete this data at any time via your browser settings.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalise browsing on YouTube. Ads that are displayed in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used to recognise the user. Details on the extended data protection mode can be found here:
support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (Telecommunications-Telemedia Data Protection Act), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information about data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy.
Google is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: dataprivacyframework.gov/s/participant-search/participant-detail
Rights of the data subject
8.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise requirements:
8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
When processing personal data on the basis of an explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws their consent.
If there are statutory retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfilment or contract initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
Description and purpose: