Data protection declaration according to the European General Data Protection Regulation (EU) 2016/679 (EU-GDPR)
1. Name and address of the controller
Controllers within the meaning of the EU GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature are
Verbreitung der Heiligen Schrift e.V. (VdHS)
D-35713 Eschenburg, Germany
Phone: +49 (27 74) 92 395-0
Fax: +49 (27 74) 92 395 – 20
GBV Dillenburg GmbH (GBV)
Eiershäuser Straße 54
35713 Eschenburg, Germany
Tel:+49 (27 74) 80 05-0
2. Name and address of the data protection officer
The data protection officer of the controllers is:
Mr. Christoph Larsen
DS Datenschutz Christoph Larsen
Phone: +49 (22 61) 56 09 20
It is possible at any time to object to the setting of cookies by changing the setting in the Internet browser accordingly. Set Cookies can be deleted. It should be noted that if cookies are deactivated, not all functions of our website may be fully usable.
4. Creation of log files
Each time the website is accessed, data and information is collected by an automated system. These are stored in the log files of the server.
The following data may be collected:
- Information about the browser type and version used
- The user's operating system
- The user's Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system reaches our website (referrer)
- Websites accessed by the user's system via our website
The processing of the data serves to deliver the contents of our website, to ensure the functionality of our information technology systems and to optimize our website. The data of the log files are always stored separately from other personal data of the users.
This website uses the open source web analysis service Matomo. Matomo uses technologies that enable the cross-page recognition of the user for the analysis of user behavior (e.B. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. In addition, we collect various log files (e.B IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.B clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymous analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.B. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
When analyzing with Matomo, we use IP anonymization. Your IP address is shortened before the analysis, so that it can no longer be clearly assigned to you.
We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.
6. Ways to contact us
On the website gratisbibel.de there is a form that can be used for the electronic ordering of a free Bible. If the data subject contacts the controller via this channel, the personal data transmitted by the data subject will be automatically stored. The storage serves solely for processing purposes. The data will not be passed on to third parties.
7. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for as long as this is necessary to achieve the purpose of storage. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller responsible for the processingis subject.
As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data will be routinely blocked or deleted.
8. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the EU GDPR and you have the following rights vis-à-vis the controller:
8.1 Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you can request information from the controller about the following information:
a. the purposes for which the personal data are processed;
b. the categories of personal data that are processed;
c. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
e. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. all available information on the origin of the data, if the personal data are not collected from the data subject;
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 EU GDPR in connection with the transfer.
8.2 Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
8.3 Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
a. if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
b. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
c. the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
d. if you have objected to the processing pursuant to Art. 21 para. 1 EU GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, this data may only be processed – apart from its storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
8.4 Right to erasure
8.4.1. You may request the Controller to delete the personal data concerning you without undue delay and the Controller is obliged to delete such data without undue delay if one of the following reasons applies:
a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a EU GDPR was based, and there is no other legal basis for the processing.
c. You object to the processing in accordance with Article 21 (1) of the EU GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) EU GDPR.
d. The personal data concerning you has been unlawfully processed.
e. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
f. The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8 (1) of the EU GDPR.
8.4.2. Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) of the EU GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested erasure by such controllers of any links to, or copy or replication of, those personal data.
8.4.3. The right to erasure does not exist if the processing is necessary
a. to exercise the right to freedom of expression and information;
b. to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority conferred on the controller;
c. for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 EU GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) EU GDPR,insofar as the right referred to in paragraph 1 is likely to make the achievement of the objectives of this processing impossible or seriously impaired, or
e. to assert, exercise or defend legal claims.
8.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
8.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that:
a. the processing is based on consent pursuant to Art. 6 para. 1 lit. a EU GDPR or Art. 9 para. 2 lit. a EU GDPR or on a contract pursuant to Art. 6 para. 1 lit.b EU GDPR and
b. the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller.
8.7 Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f EU GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services, you have the possibility – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.
8.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the allegedinfringement, if you believe that the processing of your personal data infringes the EU GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the EU GDPR.
9. Disclosure of data to third parties
In order to ensure sufficient data security when submitting forms, we use Friendly Captcha from the company of the same namein certaincases. This serves above all to distinguish whether the input is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if necessary, other data required for the Friendly Captcha service. For more information, see https://friendlycaptcha.com/de/legal/privacy-end-users/.
10. Legal basis of processing
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 lit. a EU GDPR as legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party,Art. 6 Para. 1 lit.b EUGDPR as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit.c EU GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d EU GDPR as legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest,Art. 6 Para. 1 lit. f EU GDPR as the legal basis for the processing. The legal interest of our company lies in the execution of our business activities.
11. Duration of storage of personal data
Personal data will be stored for the duration of the respective statutory retention period. After expiry of the period, the data will be routinely deleted, unless there is a need for the initiation or fulfilment of the contract.
12. Joint responsibility
The controllers mentioned under 1. have concluded an agreement on the joint processing of personal data in accordance with Article 26 of the EU GDPR.
This agreement is accessible to any data subject upon request.