Last change: 19.08.2020
The aim of Compensators is to get as many people, companies and organizations as possible interested in the European Emissions Trading System and to encourage them to offset their emissions. Our goal is to develop the best possible technology that enables our supporters to offset their emissions while protecting their privacy and personal data.
Compensators processes personal data of its users only to the extent necessary to provide a functional website and our content and services.
Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. the General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
What data we collect, for what purpose, and how long we store the data
To be able to offer you the full range of Compensators we need some information. Here we describe which personal data we collect and process, how we use it and how long we store it. As soon as a membership application or donation form is filled out, Compensators creates an entry in a database. In the table below we have detailed the information that Compensators collects, depending on the activity on the site.
|Data collected||How we collect the data||For what purpose we collect the data||How long we keep the data|
|First name, surname, name of your company||Must be provided when filling out the donation form or the membership application||Donation management; administration of membership including the implementation of the membership relationship including membership fee check (Art. 6 Para. 2 lit. b GDPR), Public relations (Art. 6 Para. 1 lit. a GDPR)||Association members: 10 years Donation process: 10 years|
|Mailing address||A postal address must be provided when filling out the donation form or the membership application||Donation management; administration of membership including the implementation of the membership relationship including membership fee check (Art. 6 Para. 2 lit. b GDPR)||Deletion within one month after leaving the association or completing the donation process|
|E-mail address||When filling out the donation form or the membership application and when using the comment function in the blog area, an email address must be given||Donation management; (Art. 6 Paragraph 2 lit. b GDPR, Art. 6 Paragraph 2 lit. a GDPR)||Deletion within one month after leaving the association or processing the donation process|
|Telephone number (only from members)||A telephone number can be provided when completing the membership application||Ordinary and extraordinary contact with association members, this information is voluntary (Art. 6 Para. 1 lit. a GDPR)||Deletion within one month after leaving the association|
|Time and volume of donation||The time of a donation is the end of the donation process or the receipt of the donation. The amount of the donation must be specified in the donation form||Donation management; (Art. 6 Para. 2 lit. b GDPR)||Association members: 10 years Donation process: 10 years|
|Purpose of donations||When filling out the donation form, a purpose must be stated||Donation management; (Art. 6 Para. 2 lit. b GDPR)||Association members: 10 years Donation process: 10 years|
|Personal comment on the donation||A personal comment can be made when filling out the donation form||We use this voluntary information for public relations work on the association’s website (Art. 6 Para. 2 lit. a GDPR)||Deletion within one month after request|
|Bank details||In the case of a donation or membership fee payment by direct debit, bank details must be given||Donation management; administration of membership including the implementation of the membership relationship including membership fee check (Art. 6 Para. 2 lit. b GDPR)||Deletion within one month after leaving the association or ending the regular donation|
|Regular membership fee||When completing the membership application, a regular membership fee must be provided||Administration of membership including the implementation of the membership relationship including membership fee check (Art. 6 Para. 2 lit. b GDPR)||Deletion within one month after leaving the association|
|Time and amount of membership fees||By checking incoming payments, we control the timing and amount of contribution payments||Administration of membership including the implementation of the membership relationship including membership fee check (Art. 6 Para. 2 lit. b GDPR)||ten years|
|Date of joining or leaving the association||When completing the membership application or on the declaration of resignation, a date must be provided or it will be saved by our system||Administration of membership including the implementation of the membership relationship including membership fee check (Art. 6 Para. 2 lit. b GDPR)||ten years|
|Personal comment on joining the club||A personal comment can be made when completing the membership application||We use this voluntary information for public relations work on the association’s website (Art. 6 Para. 2 lit. a GDPR)||ten years|
|Information about the browser type and version used;The user’s operating system;The user’s IP address;Date and time of access;Websites from which the user’s system reached our website||Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The data is stored in the log files of our system. This data is not stored together with other personal data of the user||The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place. (Art. 6 Para. 1 lit.f GDPR)||7 days|
|Username||When using the comment function on the club website, a user name can be given||We use this voluntary information for public relations work on the association’s website (Art. 6 Para. 2 lit. a GDPR)||ten years|
|Time at which comments were created||When using the comment function on the club website, the time of the comment is recorded||We use this voluntary information for public relations work on the association’s website (Art. 6 Para. 2 lit. a GDPR)||ten years|
Who can see the personal user data
In this section we explain who may receive user information when it is shared through our website or by Compensators itself. This site does not use third-party cookies, social media plug-ins, website analytics services, or advertising and marketing services.
Within the association, the board and the accounting department have access to personal user data of donors and members. All members of the association, who have handling of personal data are obliged to the confidential handling of personal data in writing. The handling of personal data of association members is regulated in the Compensators data protection regulations (xxx Link).
If you contact us by mail, e-mail or telephone, your request including all personal data will be stored and processed by Compensators for the purpose of processing your request. Compensators will not pass on this data without your consent.
Publication on the Internet
If you have agreed in the donation form to the publication of your name, the tons you have decommissioned, the date of decommissioning and, if applicable, your personal comment, this information can be seen by all visitors, including the media, search engines and other organizations that offer archival internet activities. The same applies if you agree to the publication of your name and personal comment in the membership application. If you do not want this information to be publicly displayed, you should not agree to it in the donation form or membership application.
For the comment function in the blog area of the club’s website, in addition to your comment, information about the time the comment was created, your e-mail address and, if you do not post anonymously, your chosen username will be saved. Your username, the time of your comment and your comment will be published on the website. If you do not want this data to be publicly displayed, you should not use the comment function.
Compensators would like to point out that sufficient technical measures have been taken to guarantee data protection. Nevertheless, comprehensive data protection cannot be guaranteed when personal donation or membership data is published on the Internet. Therefore, you acknowledge the risks of a possible violation of personal rights and are aware that: the personal data can also be accessed in countries that do not have data protection regulations comparable to those of the Federal Republic of Germany, and the confidentiality, integrity (inviolability), authenticity (genuineness) and availability of the personal data is not guaranteed.
You make the decision to publish your data on the Internet voluntarily and can revoke your consent to the association’s board at any time.
The organization website is hosted by an external service provider (Hoster). Provider of the hosting service is STRATO AG, Pascalstr. 10, 10587 Berlin. Personal data collected on this website is stored on the hoster’s servers.
The use of the hosting service is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. We concluded a contract for commissioned data processing with STRATO AG.
You can find information on data protection at STRATO AG at https://www.strato.de/datenschutz/.
On this website Compensators offer credit card, instant bank transfer and wire transfer payment methods using Stripe’s services. Provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The transmission of your data to Stripe is based on art. 6 par. 1 letter b GDPR (processing for the purpose of fulfilling a contract) and on our legitimate interest in using reliable and secure payment processes (art. 6 par. 1 letter f GDPR).
On this website we offer payment via PayPal, among other things. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
The transmission of your data to PayPal is based on art. 6 para. 1 lit. a GDPR (consent) and art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether the data input on our website (e.g. in the donation form) is done by a human being or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his web offers from abusive automated spying and from SPAM.
External fonts, Google Fonts, are used on these web pages. Google Fonts is a service of Google. The integration of these web fonts is done by a server call, usually a Google server in the USA. This transfers to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google.
This site uses so-called web fonts, provided by Fonticons, Inc., for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you use must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address was used to access our website. The use of web fonts is in the interest of a consistent and attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font from your computer will be used.
Our website sometimes uses so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
Your rights regarding privacy
Via email@example.com you can exercise the following rights at any time:
- Information about your data stored with us and its processing (Art. 15 GDPR)
- Correcting incorrect personal data (Art. 16 GDPR)
- Deletion of your data stored with us (Art. 17 GDPR)
- Restriction of data processing, provided that we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR)
- Objection to the processing of your data by us (Art. 21 GDPR)
- Data transferability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
You may at any time submit a complaint to the supervisory authority responsible for you. Your competent supervisory authority depends on the federal state of your residence, your work or the suspected violation of the GDPR. You can find a list of the supervisory authorities at www.bfdi.bund.de.
Name and address of the responsible person
The responsible person in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is
Lasdehner Strasse 7
Responsible for compliance with data protection regulations is the board of directors according to § 26 BGB (German Civil Code).
We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.
If you have any questions regarding data protection, you can take a look at our data protection regulations or contact us at firstname.lastname@example.org.