Privacy Policy

We are CO2-compensated

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

I. Note on the responsible body

The controller responsible for data processing on this website is

vostel volunteering UG (haftungsbeschr├Ąnkt)
Elsenstra├če 82
12059 Berlin

Phone:
E-mail:

If you have any questions about data protection, you can contact us at any time using the contact details provided.

II. Data collection on our website

1. How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

2. Legal basis

2.1 Consent

If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent.

Any consent given can be revoked at any time with effect for the future.

Please note that the cancellation is only effective for the future. Processing that took place before the cancellation is not affected.

For a cancellation, please use the contact details given in Section I.

2.2 Performance of the contract, Art. 6 para. 1 sentence 1 lit. b GDPR

We also process your data for the fulfilment of our contractual obligations towards you or insofar as this is necessary for the implementation of pre-contractual measures that are carried out at your request.

2.3 Balancing of interests, Art. 6 para. 1 sentence 1 lit. f GDPR

Where necessary and permissible, we also process your data to protect our legitimate interests or those of third parties. Examples of this are

  • Assertion of legal claims and defence in legal disputes;
  • Guarantee of IT security;
  • Prevention and investigation of criminal offences;
  • Measures for business management and the further development of services and products.

2.4 Legal requirements, Art. 6 para. 1 sentence 1 lit. c GDPR or public interest, Art. 6 para. 1 sentence 1 lit. e GDPR

If we are legally obliged to process your data, processing will also take place on this basis. This may, for example, involve obligations to provide evidence to the tax office or other authorities.

3. Who receives my data?

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

For the provision of this website and to fulfil other processing purposes mentioned in this privacy policy, your data will be passed on to technical service providers (e.g. hosting service providers, support, quality assurance or mail services), which we have of course carefully selected and commissioned in accordance with the law. These service providers are bound by our instructions, act on our behalf and are regularly monitored by us.

Unless otherwise stipulated in this privacy policy or unless we are legally obliged to do so, we will only transfer your personal data to third parties if you have given us your prior consent to do so.

4. Purpose of the processing

4.1 Visiting this website

If you use our website for information purposes only, we only collect and use the data that your Internet browser automatically transmits to us for the purpose of system security of temporary connection data by means of so-called log files. This data includes

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This information may also include details about your use of this website, including:

  • Clicks
  • Internal links
  • Visited pages
  • Scroll
  • Search processes
  • Timestamp

We do not use the above data to draw conclusions about your user behaviour or for other personal evaluations.

This data is not merged with other data sources.

On the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR, we use the above data solely for the purpose of enabling you to access our websites and their content and to improve our website offering.

4.2 Registration on this website

You can register on our website in order to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse your registration.

In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing that has already taken place remains unaffected by the cancellation.

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

4.3 Processing of data (customer and contract data)

We collect, process and use personal data voluntarily provided by you when you contact us (e.g. name and your email address) only insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to utilise the service or to bill the user.

The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

4.4 Cookies

We use so-called cookies on our website. Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored on your end device for later retrieval. When you return to our websites, the information stored on your device is sent back to us. This exchange of information serves to make our website more user-friendly and effective for you.

We use the following cookies that do not require consent:

Name Duration Purpose
_vostel_session Until the end of the browser session Session cookie, stores your login status and other data required for the vostel application to function.
remember_user_token 1 year after creation Cookie that enables the "Stay logged in" function, i.e. login beyond browser sessions.
website_tracking until 31 Dec 9999 23:59:59 GMT Saves the information as to whether the user has consented to the setting of cookies requiring consent.
hide_maintenance_message 24 hours after creation If a maintenance message is set on vostel.de, the user has the option of closing the message. This cookie is set so that the message is not displayed again the next time the page is reloaded.
_GRECAPTCHA 6 months after creation Risk analysis to avoid automated form entries.

These cookies are essential for the website to function and therefore do not require consent.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.

We also use optional cookies for website analysis and tracking purposes. In the following sections, we describe in detail the analysis and tracking tools used on this website and the associated optional cookies.

We only use optional cookies with your prior consent (Art. 6 para. 1 sentence 1 lit. a GDPR). When you visit our website for the first time, a banner will appear in which we ask for your consent to the use of optional cookies.

If you give your consent to this, we will store a cookie on your computer and the banner will not be displayed again for the lifetime of the cookie. Thereafter, or if you actively delete this cookie beforehand, the banner will be displayed again the next time you visit our website in order to obtain your consent again.

You have not yet responded to the cookie banner.

4.5 Analysis tools

With the tracking measures listed below and used by us, we want to ensure a needs-based design and the continuous optimisation of our website. Your personal data will only be processed on the basis of any consent you may have given via our cookie banner in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and, insofar as an international data transfer to a third country takes place in which there are no adequate guarantees for the protection of your personal data, in accordance with Art. 49 para. 1 lit. a GDPR. If the processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

The respective purposes of processing and categories of personal data are presented below in connection with the corresponding tracking tools:

a) Google Analytics

This website uses the analysis/tracking tool Google Analytics in the version Google Analytics 4 (GA4), a web analysis service of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC. ("Google").

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there; it may also be transmitted to the servers of Google LLC. in the USA.

The information is used to analyse the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

According to Google's own information, no IP addresses are logged or stored in Google Analytics. Google only uses the IP address data to derive location data and deletes it immediately afterwards. According to Google, all IP addresses collected from users in the EU are therefore deleted before the data is stored in a data centre or server.

Your personal data is processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including the short-term collection of your IP address) and the processing of this data by Google by downloading and installing the browser add-on linked here to deactivate Google Analytics.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link: Prevent collection by Google Analytics. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

In the event that personal data is transferred to Google LLC. based in the USA, this is done in accordance with the adequacy decision issued by the EU Commission on the basis of Art. 45 GDPR, as Google is certified under the Data Privacy Framework. We have also concluded EU standard contractual clauses with Google that guarantee the security of personal data.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help centre and on Google's data protection in general at https://policies.google.com/privacy.

4.6 Other third-party services

With the additional third-party services listed below and used by us, we want to enable a user-friendly and secure use of our website. Your personal data will only be processed on the basis of any consent you may have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and, if an international data transfer to a third country takes place in which there are no sufficient guarantees for the protection of your personal data, in accordance with Art. 49 para. 1 lit. a GDPR. If the processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

The respective purposes of processing and categories of personal data are described below in connection with the corresponding third-party services:

a) Google reCAPTCHA

We integrate the function for recognising bots, e.g. for entries in online forms ("reCAPTCHA") of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google.

The purpose of reCAPTCHA is to check whether data is entered on our websites (e.g. in a contact form) by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google and may also be shared with other third parties.

Website visitors are informed in the appropriate places when a reCAPTCHA analysis takes place.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, is processed exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR; the consent can be revoked at any time.

Here you can find more information about Google reCAPTCHA and Google's privacy policy.

b) Google Maps

We integrate the maps of the "Google Maps" service of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC. We use Google Maps to show you the locations of our volunteering offers. A transfer of data to a third country cannot be ruled out. To use the Google Maps function, a connection to Google's servers is established. This gives Google knowledge that our service has been accessed via the user's IP address. This information is usually transferred from your browser to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

Further information on the handling of user data can be found in Google's privacy policy.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in an appealing presentation of our online offers and in making it easy to find the places we have indicated on the website. If a corresponding consent has been requested, the use of Google Maps is based on Art. 6 para. 1 sentence 1 lit. a GDPR.

c) Google Places API Web Service

We use the Google Places API web service and the automatic address completion of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA as well as other affiliated companies of Google LLC.

In order for us to receive this information from Google, the IP address and the content entered by the user is transmitted to Google. A connection to Google's servers is established for this purpose. As a result, Google becomes aware that our service has been accessed via the user's IP address. Google is used in the interest of simplifying the completion of input fields when entering addresses in our online offering. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR; the consent can be revoked at any time.

Further information on Google Places Api Web Services can be found in Google's privacy policy.

d) Mailjet

We use the provider Mailjet for sending emails, such as for the registration process, sign up and appointment confirmations, password recovery, but also for appointment reminders and feedback requests. The provider is Mailjet SAS, 13-13 bis, Rue de l'Aubrac - 75012 Paris, France or Mailgun Technologies Inc, 112 E Pecan Sr #1135, San Antonio, Texas 78205, USA. Mailjet is a service that can be used to organise and analyse the sending of e-mails. The data you enter for the purpose of receiving e-mails is stored on Mailjet's servers.

Our emails sent with Mailjet enable us to analyse the behaviour of email recipients. Among other things, we can analyse how many recipients have opened the message and how often which link in the message was clicked on. With the help of conversion tracking, we can also analyse whether a predefined action has taken place after clicking on the link in the emails.

Mailjet also allows us to divide email recipients into different categories ("segmentation") based on the data provided during registration. In this way, the emails can be better customised to the respective target groups.

If the e-mail is used to process and respond to a specific enquiry (e.g. confirmation of registration, sign up for a specific volunteering activity, password recovery), the data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for the execution and/or preparation of the contractual or platform usage relationship that exists with you expressly or impliedly. In addition, the processing is based on Art. 6 para. 1 sentence 1 lit f GDPR: We have a legitimate interest in processing and responding to your enquiries. If you give us your consent, the data processing is otherwise based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If data is transferred to the USA, this is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.mailjet.com/legal/dpa/.

The data you provide us with for the purpose of receiving emails will be stored by us until you unsubscribe and will be deleted from both our servers and Mailjet's servers after you unsubscribe. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

For more information, please refer to Mailjet's information on "Security and privacy" and Mailjet's privacy policy.

e) Amazon Web Services

We use the Amazon Web Services ("AWS") service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg or Amazon Web Services, Inc, P.O. Box 81226, Seattle, WA 98108-1226, USA (hereinafter "AWS").

The data is stored exclusively in a German data centre (Frankfurt/Main), which is certified in accordance with ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. Of course, we have strictly limited access rights and the data is automatically encrypted. You can find more information about AWS and data protection at https://aws.amazon.com/compliance/eu-data-protection sowie unter https://aws.amazon.com/privacy/.

When you visit our website, your personal data is processed on the servers of AWS. Personal data may also be transferred to the parent company of AWS in the USA. Amazon.com, Inc. and certain US subsidiaries it controls, the Amazon Group Companies, as well as Amazon Web Services, Inc (together the Amazon Group Companies) participate in the EU-US Data Privacy Framework for the collection, use and storage of personal information from European Union member states. The Amazon Group Companies have certified to the U.S. Department of Commerce that they adhere to the Data Privacy Framework Principles.

For further information, please refer to the website of the Data Privacy Framework and the AWS privacy policy.

The use of AWS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. In the event that personal data is transferred to the Amazon Group companies based in the USA, this is done in accordance with the adequacy decision issued by the EU Commission on the basis of Art. 45 GDPR, as Amazon.com, Inc. is certified under the Data Privacy Framework.

f) MailChimp

This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used to organise and analyse the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on MailChimp's servers in the USA.

With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (known as a web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analysed by MailChimp, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the MailChimp servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

You can find more details in MailChimp's privacy policy.

In the event that personal data is transferred to Rocket Science Group LLC, based in the USA, this is done in accordance with the adequacy decision issued by the EU Commission on the basis of Art. 45 GDPR, as Rocket Science Group LLC is certified under the Data Privacy Framework. In addition, we have concluded a so-called "Data Processing Agreement" with MailChimp, which corresponds to the standard contractual clauses, in which we oblige MailChimp to protect our customers' data and not to pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/data-processing-addendum/.

g) HaveIBeenPwned.com

We use the API of HaveIBeenPwned.com (HIBP) to check your anonymised data for possible data leaks. HIBP is operated by Superlative Enterprises Pty Ltd, a public limited company incorporated in the State of Queensland, Australia (ABN 62 085 442 020). HIBP's services are hosted in the West US Microsoft Azure data centre. The service provides us with an overview of possible unauthorised processing of personal data by third parties. It is not possible for us to view the data stored there. The data is stored anonymised, in particular without names or identification. The data transmitted by us, on the other hand, is not stored. Only the result of our search (true/false) is transmitted to us, but using SSL encryption.

The data processing is carried out as a pre-contractual measure or for the fulfilment of the contract concluded with you on the basis of Art. 6 para. 1 lit. b GDPR.

Here you will find further information on data protection and the use of data by HIBP.

h) Social Media

In addition to this website, we also maintain presences in various social media, which you can access via the corresponding buttons on our website. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the specific data you enter in this social medium, further information may also be processed by the provider of the social network.

In addition, the provider of the social network may process the most important data of the computer system from which you visit it - for example, your IP address, the processor type and browser version used, including plug-ins. We would like to point out that users' personal data may be processed outside the European Union. This can result in risks for users because there is sometimes a lack of an adequate level of data protection (e.g. in the USA), making it more difficult to enforce users' rights, for example.

If you are logged in with your personal user account of the respective network while visiting such a website, this network can assign the visit to this account.

For the purpose and scope of data collection by the respective medium and the further processing of your data there, as well as your rights in this regard, please refer to the provisions of the respective controller:

Requests for information and the assertion of data subject rights can be asserted most effectively with the providers. This is because only the providers have access to the user's data and can take appropriate measures and provide information directly. However, we will of course support you if you still need help.

If you communicate directly with us via our fan pages on Facebook, Instagram or TikTok or share personal content with us, we are responsible for processing your data.

Please note that Facebook also processes your data when you use our fan pages for its own purposes, which are not described in this privacy policy. We have no influence on these data processing operations at Facebook. In this respect, we refer you to the data protection notices of the respective social networks:

An exception applies to data processing for usage analyses (Page Insights); we are jointly responsible for this with Meta Platforms Ireland Ltd (Facebook).

This data includes information about the types of content users view or interact with, or the actions they take as well as information about the devices used by users, e.g. IP addresses, operating system, browser type, language settings, cookie data (see under "What information do we collect?" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use your information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights Data".

As the provider of the information service, we also process the data from your use of our service that you voluntarily provide on the fan page (e.g. in a comment) for the purpose of responding to your enquiries, communicating with you and publishing information relating to the content offered on the Facebook pages or our company. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) and f) GDPR. The legitimate interest consists in the effective information of users, customers and interested parties and communication with these persons.

As co-responsible for the processing of personal data in the course of providing this content on Facebook, we assure you that we demonstrate the greatest possible degree of responsibility in accordance with the other declared contents of this data protection declaration with regard to the processing of personal data. However, we would also like to point out that we are not aware of the exact processing carried out by Facebook, neither in its full scope nor content, and are not subject to our influence.

III. Is data transferred to a third country or to an international organisation?

Data will only be transferred to third countries (countries outside the European Economic Area - EEA), except in the cases expressly mentioned in this privacy policy, if you have given us your consent. If such data transfer to third countries that do not have an adequate level of data protection is carried out by our processors and if your consent has not been obtained for this, this is done exclusively on the basis of the EU standard contractual clauses concluded between us and our processors in accordance with Art. 46 para. 2 lit c. GDPR and, if necessary, supplemented by additionally required clauses. GDPR and, if necessary, supplemented by additional necessary security measures ("safeguards") to protect your personal data. The EU Commission's standard contractual clauses are available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en at any time. In addition, data is transferred to third countries on the basis of Art. 45 GDPR, provided that the EU Commission has issued a corresponding adequacy decision and the data processor complies with its requirements.

IV. How long will my personal data be stored?

We will retain your personal data for as long as necessary to fulfil the processing purposes set out in this Privacy Policy.

Specific information in this privacy policy or legal requirements for the retention and deletion of personal data, in particular those that we must retain for tax reasons, remain unaffected.

V. What precautions do we take with regard to data security?

We have taken reasonable precautions to protect the personal data collected from loss, misuse, unauthorised access, disclosure, alteration or destruction, which includes contractual, administrative, physical and technical measures.

However, no data transmission over the Internet, particularly by e-mail, or any other network can be guaranteed to be 100% secure. Therefore, while we endeavour to protect information transmitted via this website, we cannot guarantee the security of such information. Data transmission is therefore at your own risk.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as login credentials. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

VI. What rights do you have with regard to your data?

1. Right to information

You have the right to request information from us at any time about the personal data concerning you that we process within the scope of Art. 15 GDPR. To do so, you can send a request by post or by email to the contact details given in Section I above.

2. Right to rectification of inaccurate data

You have the right to demand that we correct your personal data immediately if it is incorrect. To do so, please contact us using the contact details provided in section I above.

3. Right to cancellation

You have the right to demand that we erase the personal data concerning you under the conditions described in Art. 17 GDPR. In particular, these conditions provide for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. To assert your right to erasure, please contact us using the contact details provided in Section I above.

4. Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period required to verify the accuracy and in the event that the user requests restricted processing instead of erasure in the event of an existing right to erasure; furthermore, in the event that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims and if the successful exercise of an objection is still disputed between us and the user. To assert your right to restriction of processing, please contact us using the contact details provided in Section I above.

5. Right to data portability

You have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. To assert your right to data portability, please contact us using the contact details provided in Section I above.

6. Information about your right to object in accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1), including profiling based on those provisions.

Furthermore, you can object to the processing of your personal data for the purpose of direct marketing at any time - without giving reasons. This also applies to profiling insofar as it is associated with such direct marketing.

To exercise your right to object, please use the contact details listed in section 1.

7. Right of appeal

You also have the right to lodge a complaint with a supervisory authority.

VII. Do I have an obligation to provide data?

As part of our business relationship, you only need to provide the personal data that is required for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and may have to terminate it.

Furthermore, it is necessary for us to request additional data in order to provide chargeable services and, for example, to process your desired payment method.

However, subject to the above, you are generally free to provide personal data.

VIII. To what extent is there automated decision-making in individual cases?

Automated decision-making processes based on personal data do not take place.

IX. Links to other websites

Where links are provided to other websites, we have neither influence nor control over the linked content and the data protection provisions there. When accessing linked websites, we recommend checking the data protection declarations of these websites in order to determine whether and to what extent personal data is collected, processed, utilised or made accessible to third parties.

X. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and was last updated in February 2024.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current privacy policy can be viewed at any time on the website at https://vostel.de/en/data_privacy.