We take the protection of your personal data very seriously and adhere strictly to the rules of data protection law, as they are decisively prescribed by the regulations of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).  The following statement provides you with an overview of how we ensure this protection, in particular what type of data is collected, processed and used for what purpose and what rights you are legally entitled to.

Person responsible for data processing and contact details:
The responsible party within the meaning of Article 4 No. 7 GDPR is:
Friedrich Naumann Foundation for Freedom
Karl-Marx-Strasse 2, 14482 Potsdam-Babelsberg, Germany
+49 331 7019 0
service@freiheit.org

You can reach the company data protection officer of the Friedrich Naumann Foundation for Freedom, Jan Schallaböck, at the following e-mail address: dsb@fnf.irights-law.de

You have the right to contact the data protection supervisory authorities with complaints. Competent authority for the Friedrich Naumann Foundation for Freedom: State Commissioner for Data Protection and for the Right to Inspect Files
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany

Content

1. Personal Data and Processing Purposes

2. Collection of Logs

3. Cookies

4. Web Analytics

5. Social Media & Plugins

6. Information on Special Services

7. Storage Period & Deletion

8. Your Rights

9. Addendum according to the Kenya Data Protection Act of 2019

 

1. Personal Data and Processing Purposes

Personal data that you provide electronically to the Friedrich Naumann Foundation for Freedom, such as your name, postal address or e-mail address, will be stored and used by us for the respective purpose of fulfilling the service (event participation, publication deliveries, scholarship inquiries) (Article 6 (1) sentence 1 letter b GDPR). Furthermore, we use your data to draw your attention to further events, publications and other activities of the Foundation if the legal requirements for this are met (Article 6 (1) sentence 1 a and f GDPR); as a rule, we request your consent for this.

Data is only passed on to third parties (e.g. to public funding bodies, supervisory authorities or organizations cooperating with the Foundation) if we are legally obliged to do so or you have given us your consent. If we engage service providers to provide technical support for data processing, this is done in strict compliance with the regulations on commissioned data processing (Article 28 GDPR).

2. Collection of Logs

When you visit our website, if you do not transmit information to us in any other way, we only collect the personal data that your browser transmits to our server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

- IP address

- Date and time of the request

- Time zone difference to the coordinated universal time (UTC)

- request transmitted by the web browser, consisting of request method (e.g. GET), requested page or resource, protocol version (e.g. HTTP/1.1)

- access status/HTTP status code (e.g. 404 for "page not found")

amount of data transferred in each case

- Page from which the currently displayed page was accessed or the resource was included (if your web browser transmits this information)

- Browser identification, consisting of name, manufacturer, version and language of your browser software, as well as operating system and its version (if your web browser transmits this information).

The aforementioned data is collected for the purpose of displaying our website to you and ensuring stability and security. Legal basis is Art. 6 para. 1 letter f GDPR

3. Cookies

In addition to the above log data when visiting our website, cookies are stored on your computer. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity. Furthermore, cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

This website uses the following types of cookies:

- Transient cookies: transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website.

- Persistent cookies: Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. We use such cookies to statistically record the use of our website and to optimize our offer. In doing so, the cookies enable us to automatically recognize that you have already been with us when you visit our site again.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.

O Functional cookies: they are used to analyze the use of the website, for example, to determine which offers are particularly popular or which language settings users have chosen.

O Marketing cookies: These cookies can be set by our partners via the website. They may be used by them to create a profile of the user's interests and to enable the display of relevant advertising content.

The relevant analysis tools and partner companies are listed in the respective consent forms that we ask you to provide at the beginning of your use of our website and are described in more detail below.

The legal basis for the processing of data by means of cookies is Art. 6 para. 1 p. 1 lit. f or - in the case of functional and marketing cookies - lit. a GDPR.

4. Web Analytics

Use of Google Analytics:

- We use Google Analytics on our website, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies that are stored on your computer and that enable an analysis of your use of our website. The information generated by the cookie about your use of our website, such as IP address, date and time of request, website from which the request came, browser and operating system are usually transmitted to a Google server in the U.S. and stored there. We use Google Analytics with the extension "_anonymizeIp()"; this means that your IP address is shortened beforehand by Google even within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 letter a GDPR.

- The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

- You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at this link.

- For more information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) https://policies.google.com/privacy

Use of Matomo (formerly Piwik):

- We use the web analytics service Matomo on our website. Matomo uses cookies that are stored on your computer and that enable an analysis of your use of our website. We store the information collected in this way exclusively on our server in Germany. We use Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in abbreviated form, thus excluding the possibility of a direct link to a person.

- The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

We use Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 p. 1 letter a GDPR.

- The Matomo program is an open source project. Information from the third-party provider on data protection is available here.

Use of the Facebook pixel (Facebook Custom Audiences):

- Furthermore, we use on our website the so-called "Facebook Pixel" of Facebook Inc. ("Facebook"). This allows interest-based advertisements ("Facebook Ads") to be displayed to users of our website when they visit the social network Facebook or other websites that also use the method. Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or called up the corresponding website of our Internet presence. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and store your IP address and other identifiers.

- With the use of the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offer. With the help of the Facebook pixel, we would like to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad. The legal basis for the use of the Facebook pixel is Art. 6 para. 1 p. 1 letter a GDPR.

- More information on data processing at Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA can be found here and here.

5. Social Media & Plugins

- We currently use the following social media plug-ins: Facebook, Twitter, Instagram. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the logo on the respective button. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have called up the corresponding website of our online offer. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA) (in the case of Facebook, according to the provider in Germany, the IP address is anonymized immediately after collection).

- We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

- The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 letter a GDPR.

- The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.

- For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

- Addresses of the respective:

o Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA for its own data policy and further information on data collection can be found here, here and here.

o Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA on its own privacy policy.

o Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA for its own privacy policy.

- We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website.

- By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website.

- For more information on the purpose and scope of data collection and processing by YouTube, please see the privacy policy. There you will also find further information about your rights and setting options to protect your privacy.

- On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

- By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

- For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also receive further information on your rights in this regard and setting options for protecting your privacy. Google also processes your personal data in the USA.

Foleon

Digital Publications are also hosted by Foleon B.V., Transformatorweg 38-72, 1014 AK, Amsterdam, The Netherlands, email address: info@foleon.com. The hoster receives the above data as a processor. Foleon processes personal data solely for the purpose of storing the digital publications and/or forms created by or on behalf of the Foundation on its servers or those of third parties contracted by Foleon. The Processor will not process the Personal Data for any purpose other than that specified by the Foundation. Foleon's privacy policy can be found here: https://www.foleon.com/privacy-policy

Infogram

On our website are embedded graphics and statistics generated by the service "Infogram". These features are provided by Infogram, 450 Bryant Street, San Francisco, CA 94107, USA.

When you visit a page on which an Infogram graphic is embedded, a direct connection is established between your browser and the third-party provider's server. Currently, it must be assumed that at least the IP address and device-related information are collected and used as a result. Likewise, there is the possibility that the service providers attempt to store cookies on the computer used. Infogram provides information about the use of data in its privacy policy: https://infogram.com/de/privacy.

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data as well as its use by Infogram.

Podigee Podcast Hosting

We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are thereby loaded by Podigee or transmitted via Podigee.

The use is based on our legitimate interests, i.e. interest in a safe and efficient provision, analysis as well as optimization of our podcast offer according to Art. 6 para. 1 lit. f. GDPR.

Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymized or pseudonymized before being stored in Podigee's database, unless it is necessary for the provision of the podcasts.

Further information and objection options can be found in the privacy policy of Podigee https://www.podigee.com/de/about/privacy/

Flickr

We use the service Flickr for the display of images. These functions are offered by Flickr, Inc.c/o SmugMug Limited, 3rdFloor, Chancery House, St. Nicholas WaySutton, England, SM1 1JB.

By calling up a corresponding page, flickr receives the information that you have called up the corresponding page of our website. If you are logged in to flickr, flickr can assign the visit to your flickr account. For more information on the protection of your privacy, please refer to the privacy policy of flickr at https://www.flickr.com/help/privacy.

6. Information on Special Services

Newsletter distribution with Newsletter2Go

For sending e-mails and newsletters, our service provider may use the service Newsletter2Go. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

You can find more information here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

Emails and newsletters sent with the help of Newsletter2Go may use tracking technologies. We use this data in anonymized form to find out which topics are of interest to our customers by statistically tracking whether our emails or newsletters are opened and which links are clicked by our customers. We then use this information to improve our offerings.

Newsletter distribution with Mailjet

When you subscribe to one of our newsletters, we collect your e-mail address and optionally your name and gender (if you provide them). The provision of additional information is voluntary and serves the purpose of addressing you personally. The only required information is your email address. In addition, we process your IP address, date and time, as well as the timestamps of the subscription and confirmation for registration purposes.

The legal basis for this is your consent given during the registration process (Art. 6 para. 1 sentence 1 lit. a GDPR). You may revoke this consent at any time by unsubscribing from the service via a link provided at the end of each newsletter or email update.

For the distribution of emails and newsletters, our service provider may use the Mailjet platform in cooperation with Mailjet GmbH; Alt-Moabit 2, 10557 Berlin. Mailjet acts as data processor according to Art. 28 GDPR.

When sending newsletters, your email address will be transmitted to Mailjet. Mailjet is prohibited from using your information for any purpose other than sending newsletters or email invitations on behalf of the Friedrich Naumann Foundation.

Emails and newsletters sent via Mailjet may contain tracking technologies. We use this data in an anonymous form to determine which topics are of interest to our customers by statistically tracking whether emails or newsletters are opened and which links are clicked. We use this information to help us improve our services. These statistical surveys and analyses are based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Personal data is stored - unless there are further legal reasons - until the person concerned objects to the use of the data, withdraws his or her consent or requests that the data be deleted. In addition, the continued validity of the legal basis for data storage is regularly reviewed and, if it no longer applies, personal data is deleted within an appropriate processing period of up to 3 months.

Mailjet processes your data on our behalf to maintain and improve the quality of email delivery (e.g., filtering out invalid addresses). Your data will be used in a pseudonymized form, i.e. not associated with specific individuals. These statistical surveys and analyses are based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

The privacy policy of Mailjet applies: https://www.mailjet.de/privacy-policy/

7. Storage Period & Deletion

The Foundation will store and use your personal data for as long as is necessary for the fulfillment of the respective service or to achieve the purpose on which the storage is based, or for as long as a granted consent is not revoked.

If these conditions cease to apply, the data will be deleted subject to statutory retention obligations. Deletion also takes place in the other cases listed in Article 17 GDPR.

8. Your Rights

You may revoke your consent to the processing and use of your data at any time (Article 7 (3) GDPR); to do so, please send an email to: service@freiheit.org.

Your data will then be deleted immediately. This also applies to the revocation of a declaration of consent given to the Foundation before the GDPR came into force, i.e. before May 25, 2018.

You have the right to information about your personal data stored by the Foundation in accordance with Article 15 GDPR and Section 34 BDSG. Please address this request to service@freiheit.org. You have the right to request that incorrect data concerning you be corrected, Article 16 GDPR.

You also have the right to have your personal data deleted under the conditions listed in Article 17 GDPR and supplemented by Section 35 BDSG. Please address a corresponding request to: service@freiheit.org.

You have the rights to restriction of processing under Article 18 GDPR, to object under Article 21 (1) GDPR and to data portability under Article 20 GDPR. Insofar as we use your data to send you information (direct advertising), you may object to its use for these purposes. We will then no longer process this data for these purposes, Article 21 (2) and (3) GDPR.

The objection can be made informally with the subject "Objection", stating your name and address, and should be addressed to service@freiheit.org.

 

9. Addendum according to the Kenya Data Protection Act of 2019

1. INTRODUCTION

1. This Privacy Policy provides information on the processing of personal data by Friedrich Naumann Foundation For Freedom, Kenya (“the Foundation”, “we” “us” “our”). This Privacy Policy also explains the rights that you have in relation to the processing activities. The Foundation is committed to ensuring that your personal data is processed lawfully and in accordance with the Data Protection Act, 2019 (the “Act”) and its Regulations.

 

2. PURPOSE OF THIS PRIVACY POLICY

 

1. To perform our functions, we need to collect certain personal data and sensitive personal data.

 

2. This Privacy Policy:

 

1. sets out the types of personal data that we collect about you;
2. explains how and why we collect and use your personal data;
3. explains how long we keep your personal data;
4. explains when, why and with whom we will share your personal data;
5. sets out the legal basis we have for using your personal data;
6. explains the effect of refusing to provide the personal data required;
7. explains the different rights and choices you have when it comes to your personal data; and
8. explains how we may contact you and how you can contact us.

 

3. APPLICATION OF THIS PRIVACY POLICY

 

1. This Privacy Policy applies to the processing of personal data of the Foundation’s visitors and users of the Foundation’s various sites, employees, attendees of the Foundation’s events, subscribers to the Foundation’s publications or newsletters or mailing list, visitors to the Foundation’s premises, consultants, suppliers and business partners and their representatives (referred to as “you” or “your” in this Privacy Policy).

 

4. THE PERSONAL DATA COLLECTED

 

1. The Foundation collects personal data directly from you as well as from other available sources to the extent permitted by law. 

 

2. The Foundation endeavors to collect only that personal data that is necessary for the purpose(s) for which it is collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of personal data that are typically collected and processed include, but are not limited to:

 

1. Event Participants: We collect your name, contact information (email addresses and telephone numbers), organization,country of origin, country of residence, photos, audio recordings and video recordings.
2. Visitors to the Foundation’s office premises: We collect your name, telephone number, ID number and surveillance camera footage.
3. Subscription/Mailing List: We collect your name, designation and email address.
4. Employees: We collect your name, contact information (email addresses and telephone numbers), ID/Passport number, KRA PIN details, NHIF details, NSSF details, HELB details, bank account details, next of kin details, spouse details, details of children, education information, pension and medical onboarding information and residential information.
5. Consultants, Suppliers and Partners: We collect your name, name of organization, contact details or the details of individual contacts at your organization information (email addresses and telephone numbers), designation, ID/Passport number, your bank details and KRA PIN.

 

5. HOW THE PERSONAL DATA IS COLLECTED

 

1. We may collect personal data:

 

1. directly from you. For example, we collect data from you when:

 

• • you correspond with us by phone or by email;
  • you visit our offices;
  • you attend our events; or
  • you visit our website and other social media sites.

 

2. indirectly from you. Examples of situations where we may collect personal data indirectly from you include:

 

• • through our office surveillance cameras when you visit our offices;
  • where the data is contained in a public record;
  • where you have deliberately made the data public;
  • where you have given us consent to collect the data from another source;
  • from third parties who collect information about you on behalf of the Foundation;
  • where you have an incapacity, and your appointed guardian has consented to the collection from another source;
  • where the collection from another source is necessary:
    • for the prevention, detection, investigation, prosecution, and punishment of crime;
    • for the enforcement of a law which imposes a pecuniary penalty; or
    • for the protection of the interests of a data subject or another person.

 

6. USES OF YOUR PERSONAL DATA

 

1. Event Participants: We process personal data to, among others:

 

1. register you for our events;
2. share event materials, information about our activities and future events; and
3. effectively communicate and coordinate.

 

2. Visitors to the Foundation’s office premises: We process personal data to, among others:

 

1. identify you;
2. attend to your request(s); and
3. manage the security and operation of our premises;

 

3. Subscription/Mailing List: We process personal data to, among others:

 

1. share with you our publications; and
2. share event information and materials, information about our activities and future events;

 

4. Employees: We process personal data to, among others:

 

1. assess your suitability for the role we seek to fill internally;
2. enter into an employment contract with you;
3. populate your employee file;
4. undertake the payroll process;
5. collect emergency contact details;
6. onboard you on our pension and medical schemes; and
7. complete the employee details form.

 

5. Consultants, Suppliers and Partners: We process personal data to, among others:

 

1. enter into supplier and partner contracts;
2. make the necessary payments;
3. effectively communicate and coordinate during the contract period;
4. share information about our marketing campaigns;
5. share information about our events; and
6. make tax payments and returns.

 

 

 

6. We also process personal data to:

 

1. communicate and respond to your requests and inquiries to the Foundation;
2. engage in transactions with business partners;
3. analyse, develop, improve and optimize the use, function and performance of our sites and products and services;
4. manage the security and operation of our sites, facilities and networks and systems;
5. run our activities;
6. for research purposes;
7. help us establish or defend legal claims; and
8. comply with applicable laws and regulations.

 

7. OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

 

1. The Foundation processes your personal data for the following lawful bases:

 

1. where you consent to the processing for one or more specified purposes; or
2. where the processing is necessary:
   • for the performance of a contract to which you are a party or to take certain steps at your request before entering a contract;
   • for compliance with any legal obligation to which we are subject;
   • to protect your vital interests or that of another person/individual;
   • to enable us to perform a task carried on in public interest or in the exercise of official authority vested in us;
   • for our legitimate interest; and
   • for historical, statistical, journalistic, literature and art or scientific research.

 

8. SHARING OF YOUR PERSONAL DATA

 

1. Any disclosure of your personal data shall be in accordance with applicable law and regulations. 

 

2. We may disclose your personal data to:

 

1. our head office in Germany for reporting and audit purposes.
2. tax or other authorities when we believe in good faith that the law or other regulation requires us to share this data.
3. service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, and auditors, partners for event organization, administration functions and technical and support functions).
4. third party outsourced IT and document storage providers.
5. debt-collection agencies or other debt-recovery organisations.
6. relevant third parties in the event of a restructuring.
7. emergency service providers where such disclosure to emergency service providers is necessary for your rescue, health and safety, including your approximate location.

 

9. SAFEGUARDING YOUR PERSONAL DATA

 

1. We care about protecting your personal data. That is why we have put in place appropriate measures that are designed to prevent personal data breaches.

 

2. We do this by having in place a range of appropriate technical and organizational measures including measures to deal with any suspected personal data breaches.

 

3. If you suspect any misuse or loss of or unauthorized access to your personal data please let us know immediately by contacting us.

 

10. STORAGE OF YOUR PERSONAL DATA

 

1. We will only keep your personal data for as long as it is necessary to achieve the purposes for which it was required unless the retention is required or authorized by law, reasonably necessary for a lawful purpose, you have consented to longer retention periods or if the personal data is required for reporting, auditing or compliance purposes.

 

11. THE RIGHTS YOU HAVE OVER YOUR PERSONAL DATA

 

1. The Act accords you several rights over your data.

 

1. right to information: you have a right to be informed of how the Foundation will use your personal data.
2. right of access: you are entitled to access your personal data that is in our possession or custody.
3. right to object:  you can object to the processing of all parts of your personal data, unless we can demonstrate:

• a compelling legitimate interest for the processing which overrides your interests: or
• that we are processing your personal data for the establishment, exercise or defense of a legal claim.

4. right to rectification: you have the right to request us to rectify or correct, personal data in our possession or under our control that is inaccurate, outdated, incomplete or misleading.
5. right to erasure: you can request us to delete or destroy personal data that we are no longer authorized to retain, or which is irrelevant, excessive, or obtained unlawfully.
6. right to data portability:  you have the right to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit the data to another data controller without hinderance. Where technically possible, have personal data transmitted directly from us to another data controller or data processor.
7. automated decision making: you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning or that significantly affect you.
8. right of restriction:  You have the right to request us to restrict the processing of personal data where:

• you contest the accuracy of the personal data.
• the personal data is no longer required for the purpose of the processing.
• the processing is unlawful or you are opposed to the erasure of the personal data and requested for restriction of its use instead.
• you have objected to the processing of personal data, pending verification as to whether the legitimate interests of the data controller or data processor overrides those of the data subject.

9. right to raise a complaint: You can raise a complaint about the processing of your personal data.

 

2. If you wish to exercise any of our rights above, please contact us using our contacts details provided herein. We will endeavor to deal with your request without undue delay.

 

3. We may ask for identification to ascertain whether we are issuing the data to the right person.

 

12. COMPLAINTS MANAGEMENT

 

1. If you have any complaint regarding our compliance with this Privacy Policy, please contact us. We will investigate and attempt to resolve complaints and disputes regarding use of personal data in accordance with our policies and the applicable law. You also have the right to file a complaint with the Office of the Data Protection Commissioner.

 

13. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

 

1. To provide you with the best services and carry out the purposes outlined in this Privacy Policy, we may need to transfer your personal data;

 

1. 1. to our head office in Germany;
   2. to our oversees partners or service providers; or
   3. to our cloud-based storage provider.

 

2. We will only transfer your data outside Kenya where such transfer is compliant with the provisions of the Act.
3. To ensure that your personal data receives adequate levels of protection, we shall put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the applicable data protection law.

 

14. COLLECTION OF LOGS

 

1. When you visit our website and you do not transmit information to us in any other way, we only collect the personal data that your browser transmits to our server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

 

1. IP address
2. date and time of the request
3. time zone difference to the coordinated universal time (UTC) request transmitted by the web browser, consisting of request method (e.g. GET), requested page or resource, protocol version (e.g. HTTP/1.1)
4. access status/HTTP status code (e.g. 404 for "page not found")
5. amount of data transferred in each case
6. page from which the currently displayed page was accessed or the resource was included (if your web browser transmits this information)
7. browser identification, consisting of name, manufacturer, version and language of your browser software, as well as operating system and its version (if your web browser transmits this information).

 

2. The aforementioned data is collected for the purpose of displaying our website to you and ensuring stability and security.

 

15. COOKIES

 

1. In addition to the above log data when visiting our website, cookies are stored on your computer. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity. Furthermore, cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user friendly and effective.

 

2. This website uses the following types of cookies:

 

1. Transient cookies: transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website.
2. Persistent cookies: persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. We use such cookies to statistically record the use of our website and to optimize our offer. In doing so, the cookies enable us to automatically recognize that you have already been with us when you visit our site again.
3. Functional cookies: they are used to analyze the use of the website, for example, to determine which offers are particularly popular or which language settings users have chosen.
4. Marketing cookies: these cookies can be set by our partners via the website. They may be used by them to create a profile of the user's interests and to enable the display of relevant advertising content.

 

3. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.

 

4. The relevant analysis tools and partner companies are listed in the respective consent forms that we ask you to provide at the beginning of your use of our website and are described in more detail below.

 

16. WEB ANALYTICS

 

1. Use of Google Analytics:

 

1. We use Google Analytics on our website, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies that are stored on your computer and that enable an analysis of your use of our website. The information generated by the cookie about your use of our website, such as IP address, date and time of request, website from which the request came, browser and operating system are usually transmitted to a Google server in the U.S. and stored there. We use Google Analytics with the extension "_anonymizeIp()"; this means that your IP address is shortened beforehand by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.
2. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
3. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at this link.
4. For more information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) https://policies.google.com/privacy

 

2. Use of Matomo (formerly Piwik):

 

1. We use the web analytics service Matomo on our website. Matomo uses cookies that are stored on your computer and that enable an analysis of your use of our website. We store the information collected in this way exclusively on our server in Germany. We use Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in abbreviated form, thus excluding the possibility of a direct link to a person.
2. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
3. We use Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.
4. The Matomo program is an open-source project. Information from the third-party provider on data protection is available here.

 

3. Use of the Facebook pixel (Facebook Custom Audiences):

 

1. Furthermore, we use on our website the so-called "Facebook Pixel" of Facebook Inc. ("Facebook"). This allows interest-based advertisements ("Facebook Ads") to be displayed to users of our website when they visit the social network Facebook or other websites that also use the method. Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or called up the corresponding website of our Internet presence. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and store your IP address and other identifiers.
2. With the use of the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offer. With the help of the Facebook pixel, we would like to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
3. More information on data processing at Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA can be found here and here.

 

17. SOCIAL MEDIA AND PLUG-INS

 

1. We currently use the following social media plug-ins: Facebook, Twitter, Instagram. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the logo on the respective button. We give you the opportunity to communicate directly with the provider of the plug-in via the button. It is only if you click on the marked field and thereby activate it, that the plug-in provider receives the information that you have called up the corresponding website of our online offer. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and processed according to their policies.

 

2. We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

 

3. The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

 

4. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.

 

5. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

 

6. Addresses of the respective:

 

1. Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA for its own data policy and further information on data collection can be found here, here and here.
2. Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA on its own privacy policy.
3. Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA for its own privacy policy.

 

7. We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website.

 

8. By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website.

 

9. For more information on the purpose and scope of data collection and processing by YouTube, please see the privacy policy. There you will also find further information about your rights and setting options to protect your privacy.

 

10. On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

 

11. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

 

12. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also receive further information on your rights in this regard and setting options for protecting your privacy. Google also processes your personal data in the USA.

 

13. Foleon: Digital Publications are also hosted by Foleon B.V., Transformatorweg 38-72, 1014 AK, Amsterdam, The Netherlands, email address: info@foleon.com. The hoster receives the above data as a processor. Foleon processes personal data solely for the purpose of storing the digital publications and/or forms created by or on behalf of the Foundation on its servers or those of third parties contracted by Foleon. The Processor will not process the Personal Data for any purpose other than that specified by the Foundation. Foleon's privacy policy can be found here: https://www.foleon.com/privacy-policy

 

14. Infogram: On our website are embedded graphics and statistics generated by the service "Infogram". These features are provided by Infogram, 450 Bryant Street, San Francisco, CA 94107, USA. When you visit a page on which an Infogram graphic is embedded, a direct connection is established between your browser and the third-party provider's server. Currently, it must be assumed that at least the IP address and device-related information are collected and used as a result. Likewise, there is the possibility that the service providers attempt to store cookies on the computer used. Infogram provides information about the use of data in its privacy policy: https://infogram.com/de/privacy.We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data as well as its use by Infogram.

 

15. Podigee Podcast Hosting: We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are thereby loaded by Podigee or transmitted via Podigee. The use is based on our legitimate interests, i.e. interest in a safe and efficient provision, analysis as well as optimization of our podcast offer. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymized or pseudonymized before being stored in Podigee's database, unless it is necessary for the provision of the podcasts. Further information and objection options can be found in the privacy policy of Podigee https://www.podigee.com/de/about/privacy/.

 

16. Flickr: We use the service Flickr for the display of images. These functions are offered by Flickr, Inc.c/o SmugMug Limited, 3rdFloor, Chancery House, St. Nicholas WaySutton, England, SM1 1JB. By calling up a corresponding page, flickr receives the information that you have called up the corresponding page of our website. If you are logged in to flickr, flickr can assign the visit to your flickr account. For more information on the protection of your privacy, please refer to the privacy policy of flickr at https://www.flickr.com/help/privacy.

 

18. INFORMATION ON SPECIAL SERVICES

 

1. For sending e-mails and newsletters, our service provider may use the service Newsletter2Go. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

 

2. You can find more information here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

 

3. Emails and newsletters sent with the help of Newsletter2Go may use tracking technologies. We use this data in anonymized form to find out which topics are of interest to our customers by statistically tracking whether our emails or newsletters are opened and which links are clicked by our customers. We then use this information to improve our offerings.

 

19. DIRECT MARKETING

 

1. You can opt out of our mailing list at any time by clicking on the link provided at the footer of our emails. Our-opt out process will be simple and free of charge.

 

2. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of another service already signed up for.

 

20. YOUR RESPONSIBILITIES

 

1. You are responsible for the personal data you make available to the Foundation, and you must ensure it is accurate, honest, truthful, and not misleading in any way. You remain liable for any claims, damages or loss that may occur due to your provision to the Foundation of inaccurate information. You will be required to indemnify the Foundation for any third-party claims that may arise thereto.

 

2. You must also ensure that the personal data you provide the Foundation does not contain material that is obscene, defamatory, or infringing on any rights of any third party.

 

3. Further, if you provide any personal data concerning any other person, such as individuals you provide as references (“referee”), you are responsible for providing any notices and obtaining any consents necessary for the Foundation to collect and use that personal data before you provide the referee’s personal data to the Foundation.

 

4. Should you choose to withhold your personal data, for any reason whatsoever, the Foundation will be unable to provide you with the services requiring the personal data withheld.

 

21. UPDATES TO THIS PRIVACY POLICY

 

1. The Foundation reserves the right to amend or modify this Privacy Policy at any time. If we amend this Policy, you can access the most current version of the policy on our website. Any amendment or modification to this statement will take effect from the date of notification on our website. Your use of our website following an update means that you accept the revised Privacy Policy.

 

22. OUR CONTACT DETAILS

 

1. We welcome your questions, inquiries, comments, and concerns about privacy. If you have any questions about this Privacy Policy or our personal data processing practices, you can contact the Foundation using this email address fnf.kenya@freiheit.org.

 

2. The Foundation’s offices are located at: 121 United Nations Cresent, Nairobi, Kenya.

 

Your privacy is important to us!