Vogelsang IP data privacy statement website (GDPR)
www.vogelsang-ip.de

The protection and security of your (hereinafter "you" or "user") personal data in accordance with Article 4 No. 1 General Data Protection Regulation (hereinafter "GDPR") and, where applicable, the BDSG (hereinafter "pbD") are important to us. Accordingly, we comply with the data protection regulations in order to adequately protect the pbD of each user.

In this data privacy statement, we use the terms according to Article 4 GDPR; these terms can be checked here https://dejure.org/gesetze/DSGVO/4.html

The Vogelsang IP [International Place] non-profit GmbH, Vogelsang 70, 53937 Schleiden (hereinafter "we", "VOGELSANG" or "operator") processes pbD on the website www.vogelsang-ip.de exclusively within the framework of GDPR and any other applicable data protection regulations We would subsequently like to inform you about the nature, scope and purpose of the processing of pbD in the publicly accessible area on our website. When we hereinafter mention the website, we always refer to this publicly accessible area.

If other institutions are named on the website or information about other institutions is available, such as the site development company Vogelsang GmbH, the Eifel National Park Centre (regional forest and woodland authority), the Eifel National Park Foundation and Vogelsang or the Klara and E.O. Primbsch Foundation, and if – in exceptional cases only – we receive pbD via the website on behalf of these institutions and for forwarding to these institutions, we are either the processor, or it is conducted with your consent. You can reach the websites of these other institutions via our website or the links found there.

Please note that you can also access other Internet sites through further links on our website, e.g. through the sub-website http://www.vogelsang-ip.de/de/partner-vor-ort.html or http://www.vogelsang-ip.de/de/spenden.html, which are not operated by us, but by third parties. These links are either clearly indicated by us or can be identified by a change in the address bar of your browser. We are not responsible for compliance with data protection regulations and the secure handling of your personal data on these Internet sites operated by third parties.

This data privacy statement (hereinafter "DPS") makes information available in accordance with Article 13 GDPR for use by the website www.vogelsang-ip.de. In the DPS, we begin by clarifying who is the person responsible and who is the data protection officer; then we give information on the types of pbD, the purposes and the legal basis of the processing, potential recipients and legitimate interests, deletion deadlines and, if applicable, further information, in order of type of access type and the type of cookies and social media used. This DPS is concluded by a statement of your rights.

1. Contact details of the person responsible (Article 13 Para. 1 lit. a) GDPR)
   
   Vogelsang IP [Internationaler Platz] non-profit GmbH is the party responsible for the operation of the website and for handling the pbD processed here
   represented by Managing Director Thomas Kreyes
   Vogelsang 70, 53937 Schleiden
   Telephone: +49 (0)2444 91579-0
   Website: www.vogelsang-ip.de
   E-mail: info(at)vogelsang-ip.de
   
   
   
2. Contact data of the data protection officer (Article 13 Para. 1 lit. b GDPR)
   
   The external data protection officer of Vogelsang IP non-profit GmbH is
   the lawyer: 
   Mr Georg W. Baumann 
   Eichholzer Str. 80
   50389 Wesseling 
   Tel. +49 (0)2236 9292-0 
   
   
   
3. Website access and, if applicable, document download
   
   a. Types of personal data: Each time the website is accessed, the following log files for the respective user are automatically collected: browser types and versions used, the operating system used by the accessing system, the Internet site from which an accessing system accesses our Internet site (so-called referrer), the sub-websites controlled by the accessing system on our website, the date and time of access to the website, the Internet protocol address (IP address) of the accessing system, the accessing system's Internet service provider, other similar data and information, which serve as risk prevention in case of attacks on our information technology systems. In detail, these are as follows:
   
   o Anonymised client IP: To identify where web servers that provide the site may be attacked, we collect IP addresses. These will be stored for a maximum of seven days. Thereafter they will be anonymised. For data protection reasons, the IP addresses in the log file provided by the host are only anonymously visible to us from the start.
   
   o Timestamp: Information on which day and at what time the visitor accessed the website is masked by the timestamp.
   
   o Request line: This is the path of the destination address without the domain.
   
   o Status Code: The website’s status code.
   

   o Size of the response body: When the user visits the website, temporary data will be downloaded. This includes, for example, the images and texts that the user sees in his browser. The log file indicates how comprehensive the data is.

   o Referrer transmitted by the client: This field indicates from which page the visitor arrived on the website.

   o User agent transmitted by the client: Here you can for example find information about the type and version of the browser and the operating system that the visitor uses.

   o Remote User: This field is normally left empty. Data for this purpose will only be saved if the website has a login process based on http-Basicauth. However, the vast majority of websites now use a different method that works with Javascript. In this case, no remote user is stored.’

   b. Purposes of the processes (Article 13 Para. 1 lit. c) GDPR): The processing of the aforementioned data is carried out in order to ensure the functionality of website access and to supply the website to you or to enable downloads. In addition, the data may be used to safeguard the security of the information technology systems through which the website is operated.

   c. Legal basis for processing, legitimate interests (Article 13 Para. 1 lit. c) and d) GDPR): The legal basis for the processing of data is Article 6 Para. 1 S. 1 lit. f) GDPR, i.e. the legitimate interests of VOGELSANG. These legitimate interests are to provide you with our publicly available web content.

   d. Recipient/third party (Article 13 Para. 1 lit. e) and f) GDPR): Transfer of pbD to third parties (Article 4 No. 10 GDPR) is not carried out. All pbD are processed on computers within the European Union. The website host is our processor. Transfers to a third country are not carried out. A transfer of pbD to state institutions and authorities is only possible within the framework of statutory provisions.

   e. Deletion deadlines (Article 13 Para. 2 lit. a) GDPR: The pbD will be deleted at the end of your visit to the website at the latest, i.e. when you close the browser on your computer. Regardless of the pseudonymisation mentioned above, data on the server (log files) will, for technical reasons, be periodically deleted every 14 (fourteen) days, unless longer storage is necessary to ensure technical operation or to track any possible attacks on our systems. Otherwise the data will be deleted afterwards.
   
   

4. Contact by e-mail via e-mail addresses provided on the Website
   
   In various places on the website, e.g. in the imprint and in the footer, as well as on different sub-webpages, we give you the opportunity to contact us directly via e-mail by providing an e-mail address. Please do not use the generic e-mail addresses to send us documents with personal content, e.g. application documents. The following rules apply for contacting us via e-mail:
   

   a. Types of personal data: Data includes e-mail address, log files concerning the attributes of the e-mail as well as the time of arrival, along with all pbD specified in the e-mail by the sender.

   b. Purposes of  processing (Article 13 Para. 1 lit. c) GDPR): The purpose is to respond to the user’s request, and subsequently, if necessary, the initiation, acceptance and execution of a business relationship, depending on the nature of the request.

   c. Legal basis for processing and, if applicable, legitimate interests (Article 13 Para. 1 lit. c) and d) GDPR): The legal basis for the processing of pbD is Article 6 Para. 1 S. 1 lit. f) GDPR, if the sender of the e-mail does not have a contractual relationship with us or is not already in some other form of business relationship with us, nor initiating such a relationship. Our legitimate interests in this case are to provide you with information and to respond to your requests. If a contractual relationship already exists (e.g. tour booking) or if a relationship is to be entered into on your initiative, the legal basis for the processing is Article 6 Para. 1 lit. b GDPR.

   d. Recipient/third party (Article 13 Para. 1 lit. e) and f) GDPR): Transfer of pbD to third parties (Article 4 No. 10 GDPR) is not carried out unless this transmission is expressly at the user's request or the user expressly agrees to the transmission. All e-mails are processed on computers within the European Union. The e-mail host is our processor. Transfers to a third country are not carried out and are not intended. A transfer of pbD to state institutions and authorities is only possible within the framework of statutory provisions.

   e. Deletion deadlines (Article 13 Para. 2 lit. a) GDPR: The pbD will be deleted following the professional settlement of the request, at the latest six months after completion; completion is assumed to have been reached if the user has not responded to VOGELSANG’s reply to the request after six months. This six-month deadline is applicable since user requests are often made far in advance, and users take several months to respond to our processing. If the request forms part of a contractual relationship or the preparation thereof, deletion will be carried out in accordance with the statutory provisions, at the latest once the contractual or pre-contractual relationship has ended, namely six months after its termination.

   A deletion is not carried out if Article 17 Para. 3 GDPR interferes, particular legal retention requirements exist, and/or the pbD are necessary for the enforcement, exercise or defence of legal claims or against legal claims.
   
   
   
5. Booking request and other electronic forms
   
   Before using the form for a booking request or for registering for other events by means of forms provided on the website, the user must consent to the processing of the pbD in conjunction with the use of the contact form according to the following provisions by ticking the box, otherwise the completed form will not be sent. Clause 8 specifies  the right to revoke given consent at any time.
   

   a. Types of personal data: Data (mandatory data) includes title/first name/surname, postal address, e-mail address/telephone, message content, technical record of given consent. In addition, for booking requests, data related to the desired event itself are required, including the selected format/programme.

   b. Purposes of the processes (Article 13 Para. 1 lit. c) GDPR): The purpose is to respond to the user’s request, in particular the initiation, acceptance and execution of a booking or registration for events.

   c. Legal basis for the processing (Article 13 Para. 1 lit. c) GDPR):  Legal basis for the initiation and implementation of a business relationship, Article 6 Para. 1 S. 1 lit. b) GDPR, if applicable Article 6 Para. 1 S. 1 lit. a) GDPR, i.e. declared consent in accordance with Section 5.

   d. Recipient/third party (Article 13 Para. 1 lit. e) and f) GDPR): Transfer of user data to third parties (Article 4 No. 10 GDPR) is only carried out if the user agrees to such a transfer and this transfer is necessary in order to notify the relevant partner for the booking, as specified on the website, on the basis of the chosen format or programme. Because not all the programmes/formats on offer are carried out by us. The organiser immediately contacts the user and, as the responsible party, handles everything else. Furthermore, the necessary data for the realisation of the programme is transferred to the actual guide or grounds tour guide. All data is processed on computers within the European Union. Transfers to a third country are not carried out and are not intended. A transfer of pbD to state institutions and authorities is only possible within the framework of statutory provisions.

   e. Deletion deadlines (Article 13 Para. 2 lit. a) GDPR): The data will be deleted six months after the request has been responded to or processed, provided the nature of the request does not result in a different procedure (e.g. consultations), a booking is not made or the consent given is not revoked beforehand. This six-month deadline is applicable since user requests are often made far in advance, and users take several months to respond to our processing. If the request forms part of a contractual relationship or the preparation thereof (booking), deletion will be carried out in accordance with the statutory provisions, no later than six months after the envisaged contractual or pre-contractual relationship has ended.

   The deletion is not carried out if Article 17 Para. 3 GDPR interferes, particular legal retention requirements exist, and/or the data are necessary for the enforcement, exercise or defence of legal claims or against legal Claims.
   
   

6. Submission of application documents
   
   We give you the opportunity to submit your application for employment with us by e-mail, including FSJ (voluntary social work year) or an internship on various sub-websites, e.g. at http://www.vogelsang-ip.de/de/Stellenangebote.html or at http://www.vogelsang-ip.de/de/praktikum-fsj.html..
   

   a. Types of personal data: Types of personal data include e-mail addresses, including the recording of the e-mail on our computers as well as any pbD included in your e-mail that is related to your application, e.g. title, surname, first name, details of the CV, photo, certificates and or similar documents.

   b. Purposes of the processes (Article 13 Para. 1 lit. c) GDPR): The purpose of the processing is the selection of candidates and the possible basis of an employment relationship or intern relationship or an FSJ relationship.

   c. Legal basis for the processing (Article 13 Para. 1 lit. c) GDPR): The legal basis is § 26 BDSG, if applicable Article 6 Para. 1 S. 1 lit. b) GDPR (e.g. when applying for freelance work) or § 12 JFDG.

   d. Recipient/third party/third country transfer (Article 13 Para. 1 lit. e) and f) GDPR): Transfer of data to third parties (Article 4 No. 10 GDPR) is not undertaken. All e-mails are processed on computers within the European Union; an agreement for order processing exists with the e-mail host in accordance with Article 28 GDPR. Transfers to a third country are not carried out and are not intended. A transfer of pbD to state institutions and authorities is only possible within the framework of statutory provisions.

   e. Deletion deadlines (Article 13 Para. 2 lit. a) GDPR): The data will be deleted within three months of completing the application process (decision on the consideration or non-consideration of your application) unless (i) the application was successful and all the application documents are attached to the personal file; (ii) you have, in your capacity as a candidate, expressly given us your consent (which can be freely revoked at any time - cf. Clause 8) to be included in a talent pool for a certain period of time (at the end of which the data will be deleted), and/or (iii) Article 17 Para. 3 GDPR interferes, particular legal retention requirements exist, and/or the data are necessary for the enforcement, exercise or defence of legal claims or against legal Claims.
   
   

7. Use of cookies and Google Maps
   
   a. Cookie PHPSESSID
   We use the cookie PHPSESSID
   Cookies are small text files that, as part of the website usage, save the settings for websites e.g. in the user’s web browser. The cookies serve to make the operation of the website easier. The website www.vogelsang-ip.de exclusively uses the cookie PHPSESSID. This cookie is a so-called session cookie. The function of PHPSESSID is to provide the session of your visit with a unique ID. This ID serves for future visits and is exchanged and managed between the client and the server (similar to a temporary password). These cookies can be found in all commonly used applications nowadays, and they facilitate the use of these. The stored data will be deleted when you delete your cookies on your computer.

   Every user can prevent the installation of cookies by adapting his or her browser settings accordingly. However, if this is done, it may not be possible to fully use all the functions of the website.

   Depending on the browser you are using, you have various options to prevent the storage of cookies on your computer, to block cookies, display them and remove them. Should you have any difficulties in doing this, we recommend that you consult the manufacturer’s website where you will find the necessary information. Should you decide not to allow cookies to be created on your computer, you will still continue to have access to our Website.

   b. Google Maps
   Parts of our website use features from Google Maps for integrating map data. This content is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). When you visit our website, your browser loads the necessary code from Google. The browser you use must connect to Google's servers for this purpose. As a result, Google registers that our website has been accessed via your IP address. At the same time, Google may deposit cookies on your terminal device, provided you have not prohibited the use of cookies in your browser, or read cookies. Location information may also be collected if you permit this in your browser.

   The use of Google Maps is for the convenience of creating an attractive, comfortable design for our website, and for the purpose of facilitating the location of places we have indicated on our website. This represents a legitimate interest in accordance with Article 6 Para. 1 S. 1 lit. f GDPR. The data transfer to the USA is carried out in accordance with Implementing Decision (EU) 2016/1250 of the European Commission (EU-US Privacy Shield). It is not compulsory for you to provide personal data, but use of the affected parts of our website (https://loginpartners.de/kontakt/) is not possible without the provision.

   Google’s data privacy statement can be found under https://www.google.com/policies/privacy/.
   
   

8. User rights (Article 13 Para. 2 lit. b) – e), Article 7 Para. 3 GDPR)
   

   If the respective legal requirements of the GDPR are met, under divergent or supplementary conditions of the BDSG, you have the right,

   - in accordance with Article 15 GDPR, to at any time request information on the pbD processed by us. In particular, you may request information about the purposes of processing, the pbD category, the categories of recipients to whom your pbD has been disclosed, the planned retention period and the existence of the rights outlined in this section;

   - in accordance with Article 16 GDPR promptly request the correction or completion of incorrect pbD that have been stored by us;

   - in accordance with Article 17 GDPR to request the deletion of your pbD that have been stored by us, as far as the processing is not necessary for exercising the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the enforcement, exercising or even the potential defence of legal claims;

   - in accordance with Article 18 GDPR to demand restrictions on the processing of your pbD if you dispute their accuracy, if the processing is unlawful, but you do not wish them to be deleted, and we no longer need the pbD, but you require them for the enforcement, exercising or defence of legal claims, or if you have objected to the processing in accordance with Article 21 GDPR;

   - in accordance with Article 20 GDPR to receive your pbD, which you provided to us, in a structured, commonly used and machine-readable format or to request a transfer to another responsible party;

   - in accordance with Article 7 Para. 3 GDPR to at any time revoke data protection consent that was once given. As a result, in future we can no longer continue the data processing that was based on this consent, and

   - in accordance with Article 77 GDPR to complain to a regulatory authority. In general, an appeal can be directed to the regulatory authority for your usual place of residence or work or the VOGELSANG headquarters in North Rhine-Westphalia.

   If personal data based on legitimate interests in accordance with Article 6 Para. 1 S. 1 lit. f) GDPR is processed, the person concerned has the right, in accordance with Article 21 GDPR, to object to the processing of his/her pbD, as long as there are grounds for this relating to their particular situation or objection to direct marketing is made. In the latter case, the person concerned has a general right of objection, which will be implemented by us without the need to specify a particular reason.

   To exercise these rights, the user should refer to the points specified in Clause 1 and 2.

   Please note that only the German language version of this document is legally binding.