Privacy

UPrivacy Policy Thank you for your interest in our website https://siessen.org/ (hereinafter referred to as the “website”). The protection of your privacy and the legally compliant collection, processing and use of your data is an important concern for us. In accordance with Section 15 KDG, we inform you in detail below about the collection, processing and use of your personal data when you use our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. 1. responsible body / service provider 1.1. The controller pursuant to Section 15 of the Act on Ecclesiastical Data Protection of the Catholic Church in Germany (hereinafter “KDG”) and within the meaning of Art. 4 para. 7 of the General Data Protection Regulation (hereinafter “GDPR”) and service provider within the meaning of the Digital Services Act (hereinafter “DDG”) is the Congregation of the Franciscan Sisters of Siessen – Generalate e. V., Kloster Siessen 6, 88348 Bad Saulgau, Germany, e-mail: generalate@siessen.org (hereinafter “us” or “we”). 1.2. You can contact our data protection officer as follows Dr. Thomas A. Degen, Certified Data Protection Officer TUEV Sued (DSB-TUEV), c/o Jordan Wagner Rechtsanwaltsgesellschaft mbH, Alexanderstrasse 8A, D-70184 Stuttgart, e-mail: thomas.degen@jordan-ra.com. 2. data collection, processing and use when you visit our website 2.1 When you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • the name of your Internet service provider,
  • the IP address assigned to you,
  • the address of the website from which you visit our website,
  • Browser used,
  • the amount of data transferred in each case,
  • the subpages of our website that you have visited,
  • Date and time of your visit to our website,
  • Access status/HTTP status code,
  • Operating system and its interface of your computer,
  • Language and version of the browser software and
  • Time zone difference to Greenwich Mean Time (GMT).

2.2 We may also use another service provider in order to display the privacy policy. An embedding code is used to transmit your IP address to said service provider. We process your data on the basis of our legitimate interest for a limited period of time in order to initiate a derivation of personal data in the event of unauthorized access or attempted access to local servers and to be able to properly display the data protection declaration (§ 6 para. 1 lit. g KDG). 2.3 We and our IT service providers, including our host provider, have access to the data, whose servers are located within the European Union and, according to the individual paragraphs below, outside the European Union. We have concluded an order processing contract with our host provider. 2.4 This data is processed by us for the following purposes: Ensuring a smooth connection setup of the website, ensuring a comfortable use of our website, evaluation of system security and stability as well as for other administrative purposes. 2.5 For security reasons, log file information (e.g. to investigate misuse or fraud) is stored for a maximum of 10 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified. 2.6 The legal basis for data processing is § 6 para. 1 sentence 1 lit. g KDG. Our legitimate interest follows from the purposes for data collection listed above. Reference is made to the right of revocation in accordance with Section 16 of the Privacy Policy. 2.7 We also use cookies when you visit our website. You will find more detailed explanations on this under no. 5 of this privacy policy. 3. contacting us and collection, processing and use of the data you provide when using the website 3.1 Your data is collected when you contact us, e.g. by e-mail, fax or via a contact form. The data you provide when contacting us will be processed and used exclusively for the purpose of responding to your request and for any follow-up questions. 3.2 Data processing for the purpose of contacting us is carried out in accordance with § 6 para. 1 lit. g KDG respectively according to § 6 Abs. 1 sentence 1 lit. b GDPR. 3.2.1 With regard to contacting us, we would also like to point out the following: 3.2.2 Type and purpose of processing: The data you enter in the contact form will be stored for the purpose of individual communication with you. This requires you to provide a valid e-mail address and your name. This is used to assign the request and subsequently answer it. The provision of further data is optional. If you contact us by e-mail, the data you provide (e-mail address, your name and telephone number if applicable) will also be processed for individual communication. 3.2.3 Legal basis for processing: The data you enter in the contact form will be stored for the purpose of individual communication with you. This requires you to provide a valid e-mail address and your name. This is used to assign the request and subsequently answer it. The provision of further data is optional. If you contact us by e-mail, the data you provide (e-mail address, your name and telephone number if applicable) will also be processed for individual communication. 3.2.4 Data categories: Surname, first name, telephone number, email address and other data of the same category and sensitivity. 3.2.5 Recipients: The recipients of the data are internal employees. 3.2.6 Storage periods: Data will be deleted no later than 6 months after the request has been processed. If there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired. 3.2.7 Legal/contractual requirement: The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the request. 3.2.8 Third country transfer: Processing does not take place outside the European Union (EU) or the European Economic Area (EEA), unless expressly stated in the following sections. 3.2.9 On the option to object: You have the option to object to the processing of your personal data at any time. You can inform us of your objection at any time using the contact details provided at the beginning of this privacy policy (see also section 14 below). 3.2.10 Automated decision-making and profiling: As a responsible company, we do not use automated decision-making or profiling for this data processing. 4 Use of our services 4.1 If you wish to make use of our services, it is necessary for the consultation or conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order. The legal basis for this is § 6 para. 1 lit. b, lit. c, lit. f KDG. 4.2 Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations. 4.3 The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offering. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with § 6 para. 1 lit. g KDG i.V.m. § 29 KDG. 5. cookies 5.1 When you first visit our website from one of the devices you use, you will be informed that cookies may be loaded onto your device when you use the website. If you continue to use our website after this information, you hereby declare your consent to our use of permanent cookies. 5.2 Cookies are alphanumeric identifiers that are transferred to the hard disk of the end device when our website is accessed. They make it possible to recognize your browser when you visit the website at a later date and are primarily used to make your visit to the website more pleasant and individual, e.g. by recognizing the language used, and to protect the website from hacker attacks. 5.3 This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient cookies (see 4.4)
  • Persistent cookies (see 4.5).

5.4 Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. 5.5 Persistent cookies used by us are automatically deleted after a specified period, which may vary depending on the cookie. 5.6 You can delete cookies at any time in the security settings of your browser. The help function in the menu bar of most web browsers explains how to set up your browser so that new cookies are never accepted, cookies are only set after notification and by you or are always set automatically. 5.7 You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website due to such configuration settings. 5.8 The data processed by cookies is required for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Section 6 (1) (g) KDG and Art. 6 (1) (a) or (f) GDPR. 6. use of Google Analytics 4, Google Tag Manager, Google Ads, Google Maps and Google ReCaptcha 6.1 We use the web analysis service Google Analytics 4 of Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland (“Google”) on our website to analyze and optimize its use. We use Google cookies for this purpose. The processing may also take place outside the European Union (EU) or the European Economic Area (EEA). 6.2 If and to the extent that you are affected by personal data processing, the legal basis is your consent (Section 6 (1) (b) KDG). 6.3 The decision for and basis of use are based on the adequacy decision of the European Commission for the EU-U.S. Data Privacy Framework of 10.07.2023, according to which certified companies expressly guarantee the same level of protection of the KDG and the GDPR (https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721, as of 02.07.2024). Google is certified (https://policies.google.com/privacy/frameworks?hl=en-US, as of 02.07.2024). 6.4 Alternatively, the following also applies to third country transfers: In order to guarantee the level of data protection in a third country, EU standard contractual clauses exist with the provider. 6.5 Google acts as a data processor for Google Analytics in accordance with the data processing conditions for Google Ads. 6.6 We use tags on websites and an SDK for mobile apps to be able to use Google’s analytics products. Based on the measurement data collected, we can better understand the needs of our users and, if necessary, offer them a personalized experience and relevant advertising. Google tags use cookies or app instance IDs to measure user interactions. These identifiers provide information about user behavior. However, no personally identifiable information is sent to Google Analytics, which includes the data listed here: https://support.google.com/analytics/answer/7686480?sjid=17481075517372667980-EU, as of 02.07.2024. The “Best Practices” issued by Google (https://support.google.com/analytics/answer/6366371?sjid=17481075517372667980-EU#zippy=%2Cthemen-in-diesem-artikel, as of 02.07.2024) are observed. 6.7 You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=de, as of 02.07.2024. 6.8 The systems, applications, people, technologies, processes and data centers behind a variety of Google products, including Google Analytics, are ISO 27001 certified. For certification: https://support.google.com/analytics/answer/3407084?sjid=17481075517372667980-EU, as of 02.07.2024. For ISO 27001: https://www.iso.org/standard/27001?sjid=17481075517372667980-EU. 6.9 In Google Analytics, your interactions on our website are primarily recorded using our own cookies. You can deactivate cookies or delete them individually. Google Analytics also supports an optional browser add-on (https://tools.google.com/dlpage/gaoptout/?sjid=17481075517372667980-EU). If you install and activate it, your data will be prevented from being collected by Google Analytics when you visit websites. However, the add-on only deactivates data collection by Google Analytics. If the Google Analytics for Apps SDK or the Google Analytics for Firebase SDK is used on a website or in an app, an app instance ID is recorded in Google Analytics. This is a randomly generated number that identifies an individual app installation. If a user resets their advertising ID under Android or iOS, the app instance ID is also reset. 6.10 Google Analytics sets its own cookies, collects data on the device or browser, IP addresses and website or app activities as follows. This is used to analyze and report on user interactions on websites and apps that use Google Analytics. By default, location and device data is collected, namely: city, latitude (of the city), longitude (of the city), minor version of the browser, user agent string of the browser, device brand, device model, device name, minor version of the operating system, minor version of the platform, screen resolution. For IP addresses, see section 6.11 below. 6.11 IP anonymization takes place, whereby this is shortened by the last octet. In principle, all IP addresses collected from users in the EU are deleted in Google Analytics before they are recorded via EU domains and servers. IP address data is used to derive location data in accordance with section 6.10. and then deleted immediately. The location indicated by the IP address is decisive. 6.12 The data retention period on Google’s servers is: 1 year. We will delete your data from Google Analytics on request by sending your ID to Google Analytics User Deletion API or using the User Explorer report. However, aggregated data linked to you, such as page URLs visited, will not be deleted. We have the option of retrieving event data for your ID via the User Explorer report or the User Activity API. This allows you to analyze and export data at event level for individual users. 6.13 Our website uses Google Ads in conjunction with Google Analytics 4 and the data collected through this. The provisions set out for Google Analytics 4 apply accordingly. Anonymous statistics are compiled by using cookies to record the traffic to our website from activated Google Ads. You can deactivate this function in the advertising settings and change your settings for this cookie. 6.14 Our website uses Google Maps to display map material and/or show directions. If you use the plugin shown, data such as your IP address and data relating to the use of our website may be collected and stored on Google servers and cookies may be set. The privacy policy under section 6.7 applies. 6.15 Our website uses Google reCAPTCHA, which ensures protection against fraudulent access to our website on the basis of fraud detection telemetry data from Google. This involves evaluating your actions in order to be able to verify that you are a human being. This includes invisible verification, a risk-based assessment and visual identity confirmations. The privacy policy under section 6.7 applies. Further information can be found here: https://cloud.google.com/security/products/recaptcha?hl=de#how-it-works. 7. own web fonts This website currently only uses web fonts on its own servers for the uniform display of fonts. 8. social media plug-ins Our website does not currently use any social media plug-ins, with the differentiated exception of YouTube in accordance with section 13 11. e-mail newsletter 11.1 If you register for our e-mail newsletter (hereinafter “newsletter”), we collect your e-mail address and any additional data you may have provided. We use this data exclusively for sending the respective newsletter for the purposes specified when registering for the newsletter. Registration is carried out using the double opt-in procedure and can therefore only be completed when you click on the link provided in the confirmation e-mail and thus confirm your consent to the newsletter being sent. You can revoke your consent to the sending of a newsletter at any time. You can also unsubscribe via the link at the end of each newsletter. The legal basis for sending the newsletter is Section 6 para. 1 lit b KDG and Art. 6 para. 1 sentence 1 lit. a GDPR, § 7 para. 2 UWG. 11.2 Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, we can recognize whether and when an e-mail was opened by a data subject and which links in the e-mail were accessed by the data subject. 11.3 Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After revocation, this personal data will be deleted by us. Unsubscribing from the newsletter constitutes a withdrawal of consent. 12. links to other websites As part of our website, we may link – also via icons – to websites of other providers, e.g. on Facebook, Instagram, LinkedIn, Xing or YouTube. If you click on such a link on the website, we unfortunately no longer have any influence on the collection, processing and use of your data by third parties. The responsibility for this does not lie with us (within the meaning of §§ 4 No. 9 KDG, if applicable Art. 4 No. 7 GDPR). 13. YouTube 13.1 Type and purpose of processing: We embed YouTube videos on some of our websites for information purposes. The operator of the corresponding plugins is YouTube, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand. If a YouTube video is started, the provider uses cookies that collect information about user behavior. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider’s privacy policy, where you will also find further information on your rights in this regard and setting options to protect your privacy (https://policies.google.com/privacy). 13.2 Legal basis for processing: The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Section 6 (1) (b) KDG). 13.3 About the data categories: IP address, timestamp, browser and other data of the same category and sensitivity. 13.4 Recipients: Recipients of the data are internal IT employees and YouTube as service provider. 13.5 Storage periods: If you have deactivated the storage of cookies for the Google Ad program, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser. Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/ 13.6 Regarding the legal/contractual requirement: The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website. 13.7 Third country transfer: Processing may also take place outside the European Union (EU) or the European Economic Area (EEA). In order to guarantee the level of data protection in this third country, we have alternatively concluded the EU standard contractual clauses with the provider. 13.8 Withdrawal of consent: You can withdraw your consent to the storage of your personal data at any time with effect for the future. 13.9 On automated decision-making and profiling: As a responsible company, we do not use automated decision-making or profiling for this data processing. 14 Open Street Maps 14.1 On the type and purpose of processing: This website includes a map from OpenStreetMap, a free project with the purpose of collecting freely usable geodata and making it available in a database for use by anyone (open data). In order for the map to be displayed to you, information about the use of this website, including your IP address, is forwarded to OpenStreetMap. These services are operated by the OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, for the OSM community. In order for the map to be displayed to you, information about the use of OSM services is forwarded to OpenStreetMap. In addition, a session cookie is stored on the visitor’s computer. Details can be found under point. 5.4 on “Cookies”. 14.2 On the legal basis of the processing: The legal basis for the integration of OpenStreetMap and the associated data transfer to OpenStreetMap is your consent (Section 6 (1) (b) KDG). 14.3 on the data categories: The provider of this site has no influence on this data transfer. For details, please refer to OpenStreetMap’s privacy policy at the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy. 14.4 Recipients: The recipients of the data are internal IT employees and OSMF. 14.5 Storage periods: Data will only be processed in this context for as long as the corresponding consent is available. It will then be deleted, provided there are no statutory retention obligations to the contrary. To contact us in this context, please use the contact details provided at the beginning of this privacy policy. 14.6 Regarding the legal/contractual requirement: The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website. 14.7 Regarding the transfer to third countries: Processing does not take place outside the European Union (EU) or the European Economic Area (EEA). 14.8 Withdrawal of consent: If you do not want OSMF to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use our website, or only to a limited extent. You can revoke your consent to the storage of your personal data at any time with effect for the future. 14.9. Automated decision-making and profiling: As a responsible company, we do not use automated decision-making or profiling for this data processing. 15. transfer of data 15.1 Your personal data will not be transferred to third parties for purposes other than those listed below. 15.2 We will only pass on your personal data to third parties if You have given your consent in accordance with § 6 para. 1 p. 1 lit. b KDG, you have given your express consent to the transfer in accordance with § 6 para. 1 p. 1 lit. g KDG is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, in the event that the disclosure pursuant to § 6 para. 1 sentence 1 lit. a, lit. d KDG, as well as this is legally permissible and in accordance with § 6 para. 1 p. 1 lit. c KDG for the processing of contractual relationships with you. 16. rights of data subjects If you as a user process personal data, you are considered a data subject in accordance with the KDG. Data subjects have the following rights vis-à-vis the controller. You have the right to

  • to request information about your personal data processed by us in accordance with Section 17 KDG. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with §§ 18 KDG, to demand the immediate correction of incorrect or incomplete personal data stored by us;
  • to demand the deletion of your personal data stored by us in accordance with § 19 KDG, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with § 20 KDG, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing;
  • in accordance with § 21 KDG, the right to notification in connection with the correction or deletion of your personal data or the restriction of processing;
  • in accordance with Section 22 KDG, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (right to data portability);
  • in accordance with § 8 Abs. 6 KDG, you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future (right to withdraw consent) and
  • pursuant to Section 48 KDG to lodge a complaint with a supervisory authority (right to lodge a complaint). As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. You can find the competent supervisory authority for data protection issues under the following link: Contact details of the supervisory authorities of the individual countries. The Congregation of the Franciscan Sisters of Siessen – Generalate e.V. is under the supervision of the Catholic Data Protection Center Frankfurt a.M., Haus am Dom, Domplatz 3, 60311 Frankfurt.
  • pursuant to Section 23 KDG to object to the processing of your personal data at any time, provided that your personal data is processed on the basis of legitimate interests pursuant to Section 6 para.
    1 sentence 1 lit.
    f or g KDG and where there are grounds relating to your particular situation (right to object).

If you would like to exercise your right to object, please write to Congregation of the Franciscan Sisters of Siessen – Generalate e. V., Kloster Siessen 6, 88348 Bad Saulgau, Germany E-mail: generalate@siessen.org The GDPR is additionally applicable if the level of protection of the KDG is not met. 17. no automated decision-making We do not carry out automated decision-making on the basis of the data collected. 18. up-to-dateness and amendment of this privacy policy This privacy policy is currently valid and is dated July 2024. Due to the further development of our website or due to changes in legal or official requirements, it may become necessary to amend this privacy policy. You can access and print out the current data protection declaration at any time on the website under “Data protection declaration”. updated 25.07.2024

Back To Top