Privacy policy

  1. Information on the collection of personal data and contact details of the controller
    1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.
    1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is ‘reSAILience e.V., Dreimühlenstraße 30, 80469 München, info@resailience.org’, represented by the Executive Board Hendrik Brüggemann, Tjada Schult and Philipp Seifert. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
    1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string ‘https://’ and the lock symbol in your browser line.

  2. Data collection when visiting our website
    2.1. If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called ‘server log files’). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of sent data in bytes
  • Source/link from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymised form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 We host the content of our website with the following provider: IONOS
The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files including your IP addresses. Details can be found in the IONOS privacy policy:
https://www.ionos.de/terms-gtc/terms-privacy.
The use of IONOS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

2.3 Friendly Captcha
Our website uses the ‘Friendly Captcha’ service.
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is an innovative, data protection-friendly safeguard solution to make it more difficult for automated programmes and scripts (so-called ‘bots’) to use our website.
For this purpose, we have integrated a programme code from Friendly Captcha into our website, for example for contact forms, so that the visitor's terminal device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's terminal device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the terminal device. Depending on the result, we can add security rules to requests via our website and, for example, process or reject them.
The data is used exclusively to protect against spam and bots as described above.
Friendly Captcha does not set or read any cookies on the visitor's terminal device.
P addresses are only stored in hashed, i.e. one-way encrypted form and do not allow us or Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted within 30 days.
The legal basis for the processing is our legitimate interests in protecting our website from abusive access by bots, i.e. spam protection and protection against attacks such as mass requests), Article 6(1)(f) (GDPR).
Further information on data protection when using Friendly Captcha.

  1. Health data
    We, reSAILience e.V., Dreimühlenstraße 30, 80469 München, process personal data, including health data, as part of the registration and organisation of a sailing trip. Health data are special categories of personal data within the meaning of Art. 9 para. 1 of the General Data Protection Regulation (‘GDPR’).
    We only process your health data if and to the extent that you voluntarily provide it to us and if this is permitted by law or you have consented to the processing of your personal data.

We process the following health data as part of the registration and organisation of a sailing trip:

  • Medical and psychological results, such as medical certificates, clearance certificates and other medical documents.
  • Information about infectious diseases that could pose a risk to other participants.
  • Medication associated with the underlying medical condition and medication currently being taken.
  • Information on physical and mental condition.

We process the health data provided by you exclusively for the following purposes:

  • Enabling your participation in the sailing trip: For this purpose, it is necessary that we obtain knowledge of whether your participation is safe from a health and medical point of view.
  • Ensuring a safe sailing trip: For this purpose, it is necessary for us to know whether your participation can guarantee the safety of the sailing trip at all times and that you do not suffer from any infectious diseases that could endanger the other participants.

The operators of the data centres commissioned by reSAILience do not have access to keys or unencrypted health data.
The personal data provided by you or collected by us will not be used for automated decision-making.
Health data will not be passed on, sold or otherwise transferred to third parties. Anything else shall only apply if this is necessary for the fulfilment of the communicated or agreed purposes and is permitted under applicable data protection law without consent, if you have explicitly consented or if we are legally obliged to do so.

We only store your health data for as long as is necessary for the preparation and realisation of the sailing trips.

The declaration of consent can be revoked at any time, with effect from the time of revocation. Consent can be revoked at the following address: via email to info@resailience.org or via post to reSAILience e.V., Dreimühlenstraße 30, 80469 München.

  1. Making of contact
    Personal data is collected when you contact us (e.g. via contact form or e-mail). Which data is collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your enquiry. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no statutory retention obligations to the contrary.

  2. Twingle donation form
    We use a donation form from twingle (twingle GmbH, Prinzenallee 74, 13357 Berlin). Your data entered in the donation form will be passed on to twingle in order to process your donation in accordance with Art. 6 para. 1 lit. b) GDPR. The data is processed by twingle exclusively in ISO27001-certified data centres in Germany and transmitted to us via a secure connection with state-of-the-art data encryption. The payment data is also transferred directly to the respective payment service provider using this encrypted connection. Current information about the security procedure used and data processing can be found here: twingle.de/datenschutz.

  3. Web analysis services
    Matomo (formerly Piwik) without cookies
    Certain user information is collected and stored on this website using the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (‘Matomo’). Pseudonymised user profiles can be created and evaluated from this information.

The information collected using Matomo technology (including your pseudonymised IP address) is processed on our servers.

This website uses Matomo exclusively without the use of cookies, which means that Matomo does not set cookies on your terminal device at any time.

If personal data is also processed in the described procedures, the processing is carried out on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR.

  1. YouTube with extended data protection
    This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
    When you visit one of these websites on which YouTube is embedded, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
    Data is only transferred to YouTube when you click to enable the connection to YouTube. If you authorise the connection, your decision will be saved in your browser's local memory. You can delete this data at any time via your browser settings.
    We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalise browsing on YouTube. Ads that are displayed in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used to recognise the user. Details on the extended data protection mode can be found here:
    support.google.com/youtube/answer/171780.
    After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
    The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (Telecommunications-Telemedia Data Protection Act), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
    Further information about data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy.
    Google is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: dataprivacyframework.gov/s/participant-search/participant-detail

  2. Rights of the data subject
    8.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise requirements:

  • Right to information pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to information in accordance with Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

  1. Duration of storage of personal data
    The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of an explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws their consent.

If there are statutory retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfilment or contract initiation and/or we no longer have a legitimate interest in further storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

  1. Newsletter
    If you would like to receive the newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
    The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). In the case of members of the association, the data is processed on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR).
    You can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the ‘unsubscribe’ link in the newsletter. The same applies to persons who receive the newsletter on the basis of a legitimate interest. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
    The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

Description and purpose:

  • We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not wish to be analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. This allows us to determine whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links, with which your clicks can be counted.
  • Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) or lit. f) GDPR.
  • Recipient: The recipient of the data is rapidmail GmbH.
  • Transfer to third countries: Data is not transferred to third countries.
  • Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
  • Revocation option: You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
  • Further data protection information: For more information, please refer to rapidmail's data security information at: rapidmail.de/datensicherheit. For more information on rapidmail's analysis functions, please see the following link: rapidmail.de/wissen-und-hilfe
    We have concluded a contract with rapidmail in which we oblige rapidmail to protect your data and not to pass it on to third parties.

Partners

Supporter