Privacy Policy

If, in the course of our processing, we transfer data to other persons and companies (processors or third parties) or otherwise grant them access to the data, this will only be done on the grounds of a legal basis or your consent or if a legal obligation provides for this, for implementing contractual relationships we have with you or if we have a legitimate interest in the transfer of data (e.g. when using agents, web hosts, etc.). If we commission a processor with the processing of data on the basis of a contract, this is done on the basis of Article 28 GDPR.

Scope and purpose of processing:

When using the website for information purposes, i.e. simply viewing it without registering and without you providing us with any other information, we process the personal data that your browser transmits to our server. The data listed below is necessary for us for technical reasons in order to display our website to you and to ensure stability and security and therefore must be processed by us.

The following data is processed:

• IP address
• date and time of the query
• time zone difference from Greenwich Mean Time (GMT)
• content of the request (page visited)
• access status/http status code
• volume of data transferred
• previously visited page
• browser
• operating system
• language and version of the browser software.

Legal basis:

Legal basis is our legitimate interest according to Article 6(1)(f) GDPR. Storage of data: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data stored in the log files is deleted after 14 days, in special cases such as incorrect messages and warnings after a maximum of 8 weeks.

Storage of data:

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data stored in the log files are deleted after 14 days, in special cases such as incorrect messages and warnings after a maximum of 8 weeks.

Scope and purpose of the data processing:

Our webpages sometimes use so-called cookies. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, trojans or other malware. The cookie stores information that is related to the specific device used. However, this does not mean that we gain immediate knowledge of your identity.

The use of cookies serves the purpose, on the one hand, of making the use of our website more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after leaving our site and after 24 hours. In addition, we also use temporary cookies to optimise user-friendliness. These are stored on your device for a certain defined period of time.

However, we do not use so-called tracking cookies with which user movements and the surfing behaviour of visitors to our website would be recorded and analysed.

Legal basis:

The data processed by cookies is required for the purposes mentioned above in order to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) GDPR.

Storage of data:

Generally speaking: Cookies are stored on your computer and transmitted by it to our website. Therefore, you as a user also have full control over the use of cookies.

Most browsers accept cookies automatically. You can set your browser in such a way that you are informed about the placement of cookies and either only allow cookies in individual cases, exclude cookies for specific events or generally, or automatically delete cookies when closing your browser. If cookies are deactivated, the functionality of this website may be limited. However, the complete deactivation of cookies may mean that you cannot use all functions of our website.

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. These services and the data processing of your personal data are explained in more detail below.

In order to be able to use our services, you usually have to provide further personal data or we process such further data to perform the respective services.

The aforementioned data processing principles apply to all data processing purposes described here.

In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly inspected. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the service description.

Scope and purpose of the data processing:

When you contact us by email or via a contact form, the data you provide (your email address, name and telephone number, if applicable) will be stored by us in order to answer your questions.

Legal basis:

The legal basis for the processing of data transmitted in the course of sending an email or using the contact form is Article 6(1)(f) GDPR. If the aim of the email contact is to conclude or perform a contract, an additional legal basis for the processing is Article 6(1)(b) GDPR.

We process the personal data from the email or contact form solely so we can contact you. This also constitutes the necessary legitimate interest in processing the data.

Storage of data:

We shall delete the data generated in this context if the enquiry is assigned to a contract, after the time limits for the term of the contract, otherwise after the storage is no longer required, or restrict the processing if there are legal obligations to retain data.

Scope and purpose of the data processing:

We only send newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as "newsletter") with the consent of the recipients or with legal permission (e.g. in the case of official representatives in line with  our statutory mandate). Insofar as the content of the newsletter is specifically described in the context of a subscription, it is decisive for the consent of the user. In addition, our newsletters contain information on consumer policy and consumer-relevant topics from the content spectrum of this website.

Double-opt-in and logging:

In order to process data in the context of the subscription procedure, your consent is obtained and reference is made to this Privacy Policy. Subscription for our newsletter takes place in a so-called double-opt-in process, i.e. after registration you will receive an email in which you are asked to confirm your subscription. This confirmation is necessary to ensure that users only register with their own email addresses.

The subscriptions for the newsletter are logged, in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Changes to your data stored with the service provider responsible for sending the newsletter are also logged. After your confirmation, we store your email address for the purpose of sending you the newsletter.

Legal basis:

The legal basis for this is Article 6(1)(a) GDPR.

You can revoke your consent to receive the newsletter and unsubscribe at any time. You can revoke your subscription by clicking on the link provided in every newsletter email.

Storage of data:

Email address and subscription date are stored until the newsletter is unsubscribed. If there are several newsletter subscriptions for the same address, the email address and registration data for the subscriptions that still exist will remain stored until these are also unsubscribed. We will delete email addresses if they cannot be reached.

Categories of recipients:

We use an external service provider based in Germany to provide the newsletter service.

The newsletter is sent by Mailingwork GmbH, Schönherrstr. 8, 09113 Chemnitz.

Online access and data management:

There are cases where we direct newsletter recipients to the website of our delivery service provider. For example, our newsletters contain a link with which the newsletter recipients can view the newsletters online (e.g. in the event of problems displaying the newsletter in the email program).

Statistical survey and analyses:

The newsletters contain a so-called web beacon which is a pixel-sized file that is retrieved from the service provider's server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your operating system, as well as your IP address and the time of the retrieval are collected initially. This information is used to improve the services technically based on the technical data or the target groups and their reading behaviour.

The statistical surveys also include determining whether subscribers opened the newsletters, at what time they were opened and which links were clicked. This information is not assigned to individual newsletter recipients, but is only stored anonymously. The legal basis for the statistical analysis is our legitimate interest (Article 6(1)(f) GDPR) since the analyses serve to identify the reading habits of our users and to adapt our content to them.

Termination/revocation:

You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. For this purpose, you will find a link to cancel the newsletter at the end of each newsletter.

Scope and purpose of the data processing:

On this website, we use the web analytics service Matomo to analyse and review the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

We operate Matomo in a version that does not require cookies. Therefore, no Matomo cookies are stored on your end device for the purpose of web analysis. To analyse website usage, we collect your IP address and information such as time stamps, websites visited and your language settings.

We store the information on our server and on the server of our joint editorial office (Gemeinschaftsredaktion), whose Matomo-account we use. The controller for data processing is the Verbraucherzentrale Nordrhein-Westfalen e. V., which is responsible for the overall appearance of the consumer organizations (Verbraucherzentralen). We have concluded an agreement with Verbraucherzentrale Nordrhein-Westfalen e. V. on joint controllership for data processing.

This website uses Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in truncated form and direct personal reference is excluded. The IP address provided by your browser through Matomo will not be consolidated with other data we collect.

Legal basis:

The legal basis for the use of Matomo is Art. 6 para. 1 p. 1 lit. f DSGVO.

You can prevent the use of Matomo by removing the check mark on the following  site of our joint editorial office (Gemeinschaftsredaktion) and thus activating the opt-out plugin.

In this case, an opt-out cookie will be set in your browser that prevents Matomo from storing user data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

Matomo is an open source project. Information on the provider's privacy policy can be found at matomo.org/privacy-policy/.

Scope and purpose of the data processing:

We have various profiles on so-called social media platforms. We operate profiles with the following providers:

• Twitter: Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, https://twitter.com/de/privacy
• YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, https://policies.google.com/technologies/product-privacy?hl=de and https://www.google.de/intl/de/policies/privacy.
• Instagram: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

We use the technical platform and services of the providers for these information services. Please note that you use our profiles on social media platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our websites the providers of the social media platforms collect your IP address and other information that is available on your end device in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about your interaction with us.

Third country transfer:

The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA.

Google is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.

Twitter (X) states that it maintains an adequate level of data protection equivalent to that of the former EU-US Privacy Shield.

All of the aforementioned providers claim to maintain an adequate level of data protection equivalent to the former EU-US Privacy Shield. We do not know how the social media platforms use the data from your visit to our profile and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or are visiting the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the internet. Buttons embedded in websites enable the platforms to record your visits to these websites and assign them to your respective profile. This data can be used to tailor content or advertising to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

Legal basis:

Furthermore, we, as the provider of the information service, only process the data from your use of our service that you provide to us and that require interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this Privacy Policy. The legal basis for the processing of your data on the social media platform is Article 6(1)(f) GDPR.

To exercise your data subject rights, you can contact both us or the provider of the social media platform. Where one party is not responsible for responding or needs to obtain the information from the other party, we or the provider will then forward your request to the relevant partner. Please contact the operator of the social media platform directly for questions about profiling and processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to the contact details we have provided above.

The providers describe in their data protection declarations what information the social media platform receives and how it is used (see link in the list above). There, you will also find information on contact options as well as on the setting options for advertisements. You can also find more information on social networks and how to protect your data at www.youngdata.de.

Mastodon

We are also active on the decentralized social network Mastodon. The Mastodon account is operated and managed directly by us.

Our Mastodon account is located on the Mastodon instance of the Gemeinschaftsredaktion represented by Verbraucherzentrale Nordrhein-Westfalen e. V., Mintropstr. 27, 40215 Düsseldorf. Its privacy policy thus applies to our Mastodon account: https://verbraucherzentrale.social/privacy-policy

Scope and purpose of the data processing:

On our webpages, we offer link buttons or share buttons to various social networks and messenger services.

The buttons allow you to easily share our content with other users through the privacy-friendly solution "Shariff". That means: Only when you click one of the buttons to share content from our site will user data (your IP address, information about your surfing behaviour) be transmitted to the providers of the social networks/messengers.

• Facebook: Provider is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, https://de-de.facebook.com/about/privacy
• WhatsApp: Provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, https://www.whatsapp.com/legal/privacy-policy-eea
• Twitter: Provider is Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, https://twitter.com/de/privacy
• Signal: Provider is Signal Messenger, LLC 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA, https://signal.org/legal
• Threema: Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland; https://threema.ch/de/privacy

Transfer to third countries:

If you click on a share button while logged into your respective account, the provider can assign the visit to our pages to your user account. Please note that we as the website host obtain no knowledge about the content of the transferred data or the use of such data by the respective provider. If you do not want the data collected via our website to be assigned to your respective social media account, you must log out of these accounts before visiting our website. If you want to completely prevent the transfer of data to the providers, you must also refrain from clicking the share buttons.

Please refer to the providers' privacy policies for information on the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights in this regard and setting options for protecting your privacy.

Please note that the data may be processed outside the European Union and that a different level of data protection may apply there.

Scope and purpose of the data processing:

We have embedded YouTube videos into our online offer which are stored on YouTube.com and can be played from our website by clicking on the preview images. The videos are all embedded in "enhanced data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos by clicking on the preview image will the data mentioned in the next paragraph be transferred. We have no influence on this data transmission.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. Furthermore, the basic data that usually accrue when visiting a website are transmitted (e.g. IP address and time stamp). This occurs irrespective of whether YouTube makes a user account available that you have logged into or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not wish the data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the targeted design of its website. Such a user assessment is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

Legal basis:

The legal basis for the display of the videos is Article 6(1)(a) GDPR which means that the video is only displayed with your consent.

Transfer to third countries:

The information collected is stored on Google servers, including in the USA. For these cases, the provider says it has imposed a standard on itself that is equivalent to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws when transferring data internationally. For more information on the purpose and scope of data collection and processing by YouTube, please see YouTube's privacy policy. There, you will also receive further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Scope and purpose of the data processing:

When you send us a request for an interview, we collect the following data:

• Name
• Telephone number
• Press outlet
• Description of your request

We use the personal data to enable communication between you and the responsible contact person. If applicable, we may save your name, your press outlet and a keyword on the content of the conversation for documentation purposes.

Legal basis:

The legal basis for the processing of the data is Article 6(1)(f) GDPR.

Storage of data:

On our internal systems, the data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When documenting interviews with journalists, this is the case when follow-up questions are no longer to be expected and the evaluation for statistical purposes has been carried out.

Scope and purpose of the data processing:

On some sub-pages of vzbv.de, vzbv offers an animated overview map of the advice centres run by the Consumer Associations in Germany. The map uses a Javascript code based on the Javascript library "HighMaps". This is hosted locally on verbraucherzentrale.de and made available by the operator of the website – Verbraucherzentrale NRW e.V., Mintropstraße 27, 40215 Düsseldorf – for use on vzbv.de. There is a joint responsibility agreement between Verbraucherzentrale NRW e.V and the Federation of German Consumer Organisations.

Legal basis:

Legal basis is our legitimate interest Article 6(1)(f) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data stored in the log files will be deleted by Verbraucherzentrale NRW e.V. after 30 days at the latest. Further information is available in the Privacy Policy of Verbraucherzentrale NRW e.V.: https://www.verbraucherzentrale.de/datenschutz

Scope and purpose of the data processing:

We also offer you the opportunity to register, on our website or in our newsletters, for events that we organise. We need to process your personal data in order to register you for these events and hold them.

You will receive detailed information on the events and the corresponding data processing separately for the individual events.

In principle, we process the following data for organising and carrying out events:

• First and last name
• Affiliation
• Postal address
• Email address

Data processing is necessary in order to enable you to participate in our events and to be able to plan and hold the event.

Legal basis:

The data processing is based on Article 6(1)(b) GDPR and otherwise on Article 6(1)(f) GDPR.

Insofar as the data processing is based on Article 6(1)(f) GDPR, our legitimate interest is the planning and hosting of the events.

During the events, there is also the opportunity to network with each other.

The legal basis for data processing for the purpose of networking between the participants of the event is your consent at an earlier point in time or a legitimate interest of vzbv according to Article 6(1)(a),(f) GDPR.
We may also take photographs and make films for the purpose of documenting our events.

The legal basis for taking photographs and film footage and the subsequent processing is § 23 section 1 no. 3 of the German Art Copyright Act (KunstUrhG).

Scope and purpose of the data processing:

We use the open source software of LimeSurvey GmbH, Barmbecker Straße 7a, 22303 Hamburg for online surveys. In order to provide the survey software LimeSurvey, vzbv uses the servers of hostNET Medien GmbH, Osterdeich 107, 28205 Bremen. When participating in the survey, the IP addresses of the users are not logged. Responses given by users in the survey will be evaluated anonymously and used exclusively for vzbv’s interest representation work. vzbv has no way of establishing a relationship between the answers and the participants' data. We use no other tracking technologies that could provide information about the identity of users.

Legal basis:

The legal basis for the data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest is to conduct surveys on consumer policy issues.

Note on cookies:

In order to preserve the processing statuses in the event of participation in an online survey, cookies (http session cookies) are stored, which are then deleted again after completion of the survey.

Storage of data:

The collected data is exported and processed. Only employees directly involved are granted internal vzbv access. The raw data on the survey system will be deleted no later than six months after completion of the survey. The internally stored data, excluding the evaluations created, will be deleted after twelve months at the latest.

Scope and purpose of the data processing:

We use the open source software of LimeSurvey GmbH, Barmbecker Straße 7a, 22303 Hamburg for online surveys. In order to provide the survey software LimeSurvey, vzbv uses the servers of hostNET Medien GmbH, Osterdeich 107, 28205 Bremen. When participating in the survey, the IP addresses of the users are not logged. Responses given by users in the survey will be evaluated anonymously and used exclusively for vzbv’s interest representation work. vzbv has no way of establishing a relationship between the answers and the participants' data. We use no other tracking technologies that could provide information about the identity of users.

Legal basis:

The legal basis for the data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest is to conduct surveys on consumer policy issues.

Note on cookies:

In order to preserve the processing statuses in the event of participation in an online survey, cookies (http session cookies) are stored, which are then deleted again after completion of the survey.

Storage of data:

The collected data is exported and processed. Only employees directly involved are granted internal vzbv access. The raw data on the survey system will be deleted no later than six months after completion of the survey. The internally stored data, excluding the evaluations created, will be deleted after twelve months at the latest.

You have the following rights towards a data controller with regard to personal data relating to you, provided that the legal requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) are met in each case:

• Right of access (Article 15 GDPR),
• Right to rectification (Article 16 GDPR),
• Right to erasure (Article 17 GDPR),
• Right to restriction of processing (Article 18 GDPR),
• right to objection to processing (Article 21 GDPR),
• Right to data portability (Article 20 GDPR).

You also have the right to complain to the responsible data protection supervisory authority about our processing of your personal data.

The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Visitor entrance: Puttkamerstr. 16 – 18
10969 Berlin
mailbox@datenschutz-berlin.de

If you have given consent to the processing of your data you can revoke it at any time. Such a revocation will affect the permissibility of the processing of your personal data after you have expressed it to us. The permissibility of processing your data until the time of your revocation remains unaffected.

Where we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, particularly not for the performance of a contract with you, which we outline in each case in the description of the functions below. When exercising such an objection, please explain the reasons why you do not want us to process your personal data in the way we have done. In the case of your objection we will review the situation and either stop or adapt the data processing or show you our compelling legitimate grounds for continuing the processing.

You can of course object to the processing of your personal data for the purposes of advertising and data analysis at any time. The best way to exercise your objection to advertising is to contact us using the contact details provided above.

23.10.2023