1. Introduction
This document explains how Coopera e. V. handles your personal information — how we collect, use, and protect it. This Data Protection Statement gives you a clear overview of what happens with your data If you visit our website or engage with Coopera e. V. in any other way.
It’s important to understand your privacy rights, so take a moment to read through this statement. You’re in control of providing your personal information, and it’s entirely voluntary. However, if you choose not to share this information, it might affect your experience with our services.
- This document is relevant to several groups, including:
- People visiting our website;
- Applicants to our open calls and programs;
- Participants in activities directly organized by Coopera e. V. or where Coopera e. V. is entitled to access personal data from partner organizations;
- Employees;
- Third-party business partners;
- Others interacting with us or whose personal information we keep.
Keep in mind that this Data Protection Statement doesn’t cover websites, apps, products, or services with their own data protection statements or those provided by third parties. Clicking on links or enabling connections with third parties might allow them to collect, use, or share your data. Be sure to check out their data protection statements too.
2. Definitions
The Data Protection Statement of Coopera e. V. aligns with the terminology set by European regulators for compliance with the General Data Protection Regulation (GDPR). Our aim is to make this statement clear and accessible to a broad audience. To achieve this, we provide explanations for the terms used in the document.
In this Data Protection Statement, you’ll encounter various terms, including but not limited to:
Personal data
Personal data means any information about an individual who can be identified directly or indirectly. This person, also known as the “data subject”, can be singled out through details like their name, identification number, location data, online identifier, or factors related to their physical, physiological, genetic, mental, economic, cultural, or social identity. In simpler terms, personal data includes details that can point to a specific person.
Data subject
The term “data subject” refers to any person, whether identified or identifiable, whose personal information is being handled by the person or organization in charge of processing it. In simpler terms, a data subject is an individual whose personal data is being dealt with by the party responsible for managing that information.
Controller or controller responsible for the processing
The term “controller” or “controller responsible for the processing” refers to an individual or organization, whether it’s a person, company, public authority, or agency. This entity, either on its own or in collaboration with others, is the one that decides why and how personal data is processed. In cases where Union or Member State laws dictate the reasons and methods for processing, the controller or the specific criteria for their appointment may be outlined by these laws. In simpler terms, the controller is the one in charge of determining why and how personal data gets handled.
Processor
The term “processor” refers to an individual or organization, whether it’s a person, company, public authority, or agency. This entity is responsible for handling personal data on behalf of the controller. In simpler terms, the processor is the one who manages and works with personal data as directed by the controller.
Recipient
A “recipient” is an individual or organization, like a person, company, public authority, or agency, to whom personal data is shared, whether or not they are a third party. However, if public authorities receive personal data as part of a specific inquiry under Union or Member State law, they are not considered recipients. In such cases, the processing of the data by these public authorities must adhere to the relevant data protection regulations based on the purposes of the processing. Simply put, a recipient is someone who gets access to personal data, but there are exceptions for certain public authorities following specific rules.
Third party
A “third party” is anyone else, whether an individual, company, public authority, or organization, apart from the person the data is about (the data subject), the one deciding how the data is handled (controller), the one managing the data (processor), and individuals directly authorized by the controller or processor to handle personal data. In simpler terms, a third party refers to anyone not directly involved in making decisions about or managing personal data but authorized to process it by the controller or processor.
Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether manually or using automated methods. These operations include collecting, recording, organizing, storing, adapting, altering, retrieving, consulting, using, transmitting, disclosing, disseminating, aligning, combining, restricting, erasing, or destroying personal data. In simpler terms, processing refers to the various tasks performed on personal data, whether done by hand or with the help of computers.
Restriction of processing
“Restriction of processing” means labeling stored personal data to limit their future handling. In simpler terms, it’s like putting a tag on certain personal information to control how it gets used going forward. This helps ensure a more controlled and limited use of the data.
Profiling
“Profiling” refers to the automated processing of personal data to assess specific aspects of an individual. This involves analyzing or predicting things like a person’s job performance, financial status, health, preferences, interests, reliability, behavior, location, or movements. In simpler terms, profiling uses technology to understand and make predictions about various aspects of a person’s life based on their personal information.
Pseudonymisation
“Pseudonymization” is a way of handling personal data so that it’s no longer directly linked to a specific person without using extra information. This additional information is kept separately and is protected by technical and organizational measures to make sure that the personal data can’t be linked back to an identified or identifiable individual. In simpler terms, pseudonymization helps enhance privacy by separating key details and securing them in a way that makes it harder to connect them to a specific person.
Consent
The “consent of the data subject” means you freely, specifically, and knowingly express your wishes regarding the processing of your personal data. This can be done through a statement or a clear action that shows you agree. It’s important to note that you can only give consent for operations involving your personal data if you’re 16 years of age or older. In simpler terms, your agreement to how your personal data is handled should be given willingly and with a clear understanding, and you need to be at least 16 years old to provide such consent.
3. Who is responsible for data collection on this website?
Coopera e. V. is responsible for the protection of your data.
Coopera e. V.
Ahlbecker Str. 3
10437 Berlin
Germany
4. How and what do we collect?
4.1. Usage data: indirect collecting of general information
When you visit our website, our web service provider automatically records certain information, known as server log files. These details are general and don’t allow us to identify you personally. We keep this anonymous server data separate from any personal information you provide.
Here’s what we collect without any action from you, and it’s stored until it’s automatically deleted:
- Your IP address;
- Date and time of your visit;
- Time zone difference from Coordinated Universal Time (UTC);
- Web browser details, like the request method (e.g., GET), the page or resource you requested, and the protocol version (e.g., HTTP/1.1);
- Access status/HTTP status code (e.g., 404 for “page not found”);
- Amount of data transferred;
- The page you were on before the current one (if your web browser shares this info);
- Your browser identifier, including name, manufacturer, version, and language;
- Browser software, along with the operating system and its version (if your web browser shares this info).
We collect this data to show you our website, keep it secure and stable, and use the anonymous info for statistics. The legal basis for this is Article 6, Paragraph 1, Letter f of the GDPR, and our legitimate interest comes from the purposes of data collection mentioned.
Data protection statement of our hosting provider: https://www.hosteurope.de/en/terms-and-conditions/privacy/
4.2. Website Cookies
Cookies are small text files sent from our web server to your device when you visit our websites. These files, usually stored on your device’s hard drive, aren’t harmful programs and can’t mess with your system. Even though cookies can recognize your device, they don’t store personal data.
The main job of cookies is to check their content when you come back to the website, so it can remember you or your previous actions. If a cookie is deleted, whether you do it or it happens automatically, it stops recognizing or tracking your actions, making the cookie unreadable.
Cookies have a name and a corresponding value. They either get deleted when you close your browser or have a set expiration date. Our use of cookies doesn’t use technology that connects info through cookies to your personal data. Your identity, like your email address, remains private.
You can still use our web pages without enabling cookies by adjusting your browser settings. If you need help turning off cookies, check your browser’s help function. Keep in mind that turning off cookies might affect some website functions and your convenience. If you want to manage online advertisement cookies, go to https://www.youronlinechoices.com/uk/your-ad-choices/.
4.3. Information You Choose to Share with Us
This refers to personal information that you willingly share with us through our website, like when you take part in an open call, register for an event, or subscribe to our newsletter. It also covers personal information you provide through email, phone, letter, or any other way of sending information. Check the list below for the specific types of personal information we gather.
4.4. Publicly Available Information
Your personal information may be accessible to us through external publicly available sources. Depending on your privacy settings on social media platforms, we could gather information from those accounts or services. This happens, for example, when you interact with us on platforms like Facebook, Instagram, or LinkedIn.
5. Purposes of data processing
Coopera e. V. shall only use your data for the purposes described below:
- To register web statistics.
- To contact you and to inform you about our projects. Such consent is given, for example, when you subscribe to the newsletter on our website or agree on sending you newsletters during the application process.
- For the proper fulfillment of the task of the organization. For example, the conclusion of agreements and relationship management (CRM).
6. Special personal data
Coopera e. V. does not collect data pertaining to political views, race, religious views, health, criminal information or other matters. However, in some applications we ask you for the health data for the reasons of accessibility or food allergies.
7. Newsletter subscription data
To send you our newsletter, we need your email address. We’ll verify the email address you provide and ask for your consent to receive the newsletter. Any additional data is optional, and we only use the information to send you the newsletter.
Your consent is the basis for processing the data you provide when signing up for the newsletter. You can withdraw your consent anytime. Just send us a quick email or use the “unsubscribe” link in the newsletter. The legality of previous data processing operations won’t be affected by your withdrawal.
If you decide to unsubscribe, the data you entered for the subscription will be deleted. However, if this data has been shared with us for other purposes, it will still be in our records.
7.1. Newsletter tracking
The Coopera e. V. newsletter uses tracking pixels, which are miniature graphics embedded in HTML-formatted emails, to analyze how well our campaigns are doing. These pixels help us record whether the email was opened and which links were clicked on. The personal data we collect through these pixels is kept safe and analyzed to improve our future newsletters.
Your data won’t be shared with any third party. You can revoke your consent at any time. If you decide to stop receiving the newsletter, your personal data will be deleted when you withdraw your consent.
8. Privacy for job applicants
Coopera e. V. processes the data and documents provided by applicants to assess their suitability for a position within the organization. To ensure the right fit for the job, our recruitment process involves comparing applicant data with the requirements of the position(s) and reaching out if more information is needed. We may also contact the provided referees when applicable.
For certain roles, applicants might undergo screening and assessments. In these cases, the individuals responsible for these processes will receive the necessary personal data for screening or assessment purposes.
After completing the recruitment and selection process, Coopera e. V. retains applicant data for up to four weeks. Applicants have the right to check how their personal data is handled. If there are any issues, corrections, additions, removals, or requests to limit access can be made by contacting the email address below. We’re here to ensure your data is accurate and treated with care.
9. Data protection for participants of our programs and events
When you engage in our open calls or register for an event, we collect and process your personal data to facilitate your involvement. This includes information provided during the application process, such as your name, contact details, and all other information relevant to a particular open call program. We retain this data for the duration necessary to perform our primary functions and adhere to contractual or funding obligations. Your privacy is a priority, and we ensure that your data is only kept for as long as required to fulfill the intended purposes or as stipulated by legal requirements.
10. Other activities
For all other activities and events organised by Coopera e. V., we shall ask for as little personal data as possible. If we work jointly with other organisations, we shall insist that a clear privacy policy is conducted.
11. Contact information management
We use the open source software CiviCRM to manage our contact data. This software is run under our own management on a dedicated server.
If, in the context of our work, you have voluntarily provided us with contact information with the intention that we can reach you via these contact details, for example by providing us with a business card, we save this data for the purpose of managing our relationships.
Data from contacts can also be stored locally in the personal address books of Coopera e. V. employees. Of course we will delete your contact information from our systems on request.
12. General data retention period
We ensure that your personal information is only kept for as long as necessary to fulfill our tasks effectively or to meet legal obligations. Your data will never be stored longer than it needs to be. Your privacy is important to us, and we’re committed to using your information appropriately.
When you reach out to us through our website’s contact form or via email, we’ll keep and process the personal details you provide for as long as necessary. The length of time we retain this information depends on the nature of your inquiry and how long it takes us to fully address it. We may also hold onto emails that are crucial for our everyday operations.
13. Security of the data
At Coopera e. V., we’ve put in place physical, technical, and organizational measures to safeguard your personal data. Our secure server is accessible only to authorized personnel, which helps prevent unauthorized access or changes to your information.
We never share your personal data with third parties unless it’s explicitly stated in our Data Protection Statement. There are only two exceptions:
- If we ask for your consent before sharing your data with third parties.
- If we’re legally obligated to share your data, but only after we’ve made every effort to avoid doing so based on legal requirements.
Our website is equipped with a reliable SSL Certificate to ensure that your personal data remains secure and protected. We take every reasonable measure to ensure the highest level of security possible. Your privacy is our top priority, and we’re committed to keeping your information safe.
14. Social media
We may have content that has been imported from other sources or sites. These embeds often use cookies of the source platform.
To see what the social media platforms do with your personal data, you may inspect the data protection statements of Facebook, Instagram, YouTube and LinkedIn. What they do with the cookies and personal data, can be found in the privacy policy of the service concerned. That is out of our control.
By installing an add-on such as ‘Disconnect’ for Chrome and Firefox, you can switch off this feature.
15. Your rights
According to the General Data Protection Regulation (GDPR), you have certain rights regarding your personal data. These rights include the ability to access the personal data we have collected about you and, in some cases, to request modifications or removal of that data. If you’ve subscribed to our newsletter, every newsletter includes a clear link that allows you to unsubscribe easily.
To exercise your rights, you can send a request via email or post to the contact details provided below. In order to process your request, we may need additional information from you to verify your identity. Your privacy and control over your personal data are important to us, and we’re here to help you exercise your rights in accordance with the GDPR. If you have any questions or concerns, don’t hesitate to reach out.
Right of confirmation
You have the right to confirm whether your personal data is being processed by us. If you wish to exercise this right, please write to us at privacy(at)coopera.io.
Right of access
You have the right to obtain free information about your personal data stored by us, as well as a copy of this information. This includes:
- Details about the purposes of the processing;
- Categories of personal data stored;
- Recipients of the data;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
To exercise this right, please write to us at privacy(at)coopera.io.
Right to rectification
You have the right to have inaccurate or incomplete personal data corrected without undue delay. If you need to rectify your personal data, please write to us at privacy(at)coopera.io.
Right to erasure (Right to be forgotten)
You have the right to request the erasure of your personal data without undue delay under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected. To request erasure, please write to us at privacy(at)coopera.io.
Right of restriction of processing
You have the right to request restriction of processing under certain circumstances, such as:
- When the accuracy of your personal data is contested, for a period enabling the controller to verify the accuracy of the personal data;
- When processing is unlawful, and the you oppose the erasure of the personal data and request the restriction of their use instead;
- When the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- When the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If you wish to request restriction, please write to us at privacy(at)coopera.io.
Right to lodge a complaint with the relevant supervisory authority
You have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been violated. The responsible supervisory authority can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_link….
Right to data portability
You have the right to receive your personal data in a machine-readable format and, if technically feasible, to have it transferred to another responsible party upon request.
16. Changes to the privacy statement
We reserve the right to revise this privacy statement. Important changes will be announced on our website.