Data protection
CARE & FAIR, the initiative against illegal child labour in the carpet industry in India and Pakistan, takes data protection very seriously. The following information gives you a simple overview of what happens to your personal data. Personal data are any and all data which may be used to identify you personally. For extensive information on the subject of data protection, please refer to our Privacy Policy, referenced in this document.
Privacy Policy
General information and principles
CARE & FAIR collects, processes and uses personal data in accordance with the provisions of the EU-wide General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (FDPA) as amended. Personal data are stored in an internal IT system, which is protected from unauthorised access of third parties by technical and organisational measures. The Board of Directors maintains an index of processing activities in accordance with Art. 30 (1) GDPR and continuously documents the technical and organisational measures regarding data protection.
Joining the association
When a new member joins the association, the member is informed of the data protection provisions in accordance with Art. 13 (1) and (2) GDPR. Upon a new member joining, the association may collect all the data (membership application or joining declaration) which are necessary for the pursuit of the association’s aims and the management and administration of memberships (cf. Art. 6 (1) (b) GDPR).
The following data/personal data are collected by the association when a new member joins:
Every member, regardless of whether they are an ordinary member or a sponsor, is also allocated an internal membership number.The data of non-members whose data were communicated upon receipt of a donation are collected and stored separately.
This information is only collected and processed internally by CARE & FAIR if it is useful for the pursuit of the association’s aims and there are no indications that the data subject has an interest meriting protection which conflicts with the processing.Separate consent is obtained as required for the use of personal data and photographs in the context of PR work in print and online media (association website, association’s social media latform).
Leaving the association
When a member leaves, all stored data are archived. The archived data are likewise protected from access by third parties by appropriate technical and organisational measures. The archived data may likewise only be used for internal purposes of the association. Personal data of the leaving member which concern the association’s cash management are kept by the association for up to ten years after the effective end of the membership, in accordance with the provisions of taxation law. These data are deleted after this period.
Transfer of data
The collected data are exclusively used internally. They are not transferred to other organisations, associations, companies or other third parties.
Disclosure of membership data to members of the association
Membership lists are only provided to members of the Board of Directors and other members who hold a special position in the association according to the Statutes and/or Rules of Procedure which requires them to have knowledge of the membership data. If a member asserts that they require the membership list to exercise their rights under the Statute, the Board of Directors will only provide the list against written assurance that the membership data will not be used for any other purposes.
Revocation of your consent to data processing
Many data processing procedures can only take place with your express consent. You may revoke the consent given at any time. All you need to do is send us an informal email. The lawfulness of the data processing which took place before the revocation is not affected by the revocation.
Right to data portability
You have the right to have any data which we process by automated means on the basis of your consent or in the course of performing a contract provided to you or a third party in a commonly used, machine-readable format. If you request a direct transfer of data to another controller this will only take place if such transfer is technically feasible.
Data collection on the CARE & FAIR website
The website of CARE & FAIR can generally be used without disclosing any personal data. However, if a data subject wishes to make use of special services of our association via the website, a processing of personal data may be required. If processing of personal data is required and there is no basis in law for such processing, we will obtain the consent of the data subject.Data processing on this website is carried out by the website operator. The relevant contact details are stated on the website.This website exclusively uses an analysis cookie for the purposes of market analysis by Google Analytics, a web analysis service of Google Inc. (“Google”). Cookies are small text files which are stored on your terminal and enable an analysis of your use of the website.
The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on a server in the United States. However, your IP address will be shortened by Google within the member states of the European Union or other states participating in the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will a full IP address be transmitted to a Google server in the USA and be shortened there. Google uses this information to analyse your use of the website, to compile reports on website activities for the website operators, and to render other services related to the use of the website and of the Internet in general. Google may also transmit this information to third parties if this is required by law or if third parties process these data on behalf of Google. Under no circumstances will Google link your IP address to other Google data. You can prevent the installation of cookies through appropriate setting of your browser software; however, please note that this may result in not being able to use all functions of this website to their full extent.
Your use of this website is deemed acceptance on your part of the processing of the data collected about you by Google in the manner described above and for the above-mentioned purposes. Any cookies used by us are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies may remain on your computer and enable us to recognise your computer at your next visit (so-called permanent cookies).
Third-party data processing
We have concluded a third-party data processing agreement with Googleand fully implement the strict requirements of the German data protection authority in our use of Google Analytics.
Data protection officer
We are not required to appoint a data protection officer. Organisational provisions are in place which ensure that less than 10 persons are engaged in data processing at any one time and that the collection and processing is performed in a manner which ensures that the special appointment requirements pursuant to Art. 37 (1) (c) and Art. 9 (1) do not apply.
Controller
The controller responsible for decisions regarding the purpose and means of processing of personal data (e.g. name, email addresses, etc.) is the association’s Board of Directors and/or the executive management.
Right to complain to a supervisory authority
In the event of a breach of data protection law, the data subject is entitled to complain to the competent supervisory authority. The Commissioner for Data Protection and Freedom of Information the Free and Hanseatic City of Hamburg (“Hamburgische Beauftragte für Datenschutz und Informationsfreiheit der Freien und Hansestadt Hamburg”) is the competent supervisory authority for the submission of data subject complaints regarding data protection. Complaints may be submitted online to mailbox@datenschutz.hamburg.de.