Privacy policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Malaika Kimya e.V., Georg-Rom-Weg 5, 6250 Kundl, Österreich, Tel.: +491626492881, E-Mail: info@malaika-kimya.de. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the site server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
3) Making contact
3.1 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called “business version” of WhatsApp for this purpose.
If you contact us via WhatsApp on the occasion of a specific transaction (e.g. an order placed), we will store and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR. GDPR to process and respond to your request. On the same legal basis, we may ask you to provide further data (order number, customer number, address or e-mail address) via WhatsApp in order to be able to assign your request to a specific process.
If you use our WhatsApp contact for general inquiries (e.g. about the range of services, availability or our website), we will store and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.
Your data will only ever be used to respond to your request via WhatsApp. Your data will not be passed on to third parties.
Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of those users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR when using the app on their device for the first time by accepting the WhatsApp terms of use. The transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded in this respect.
For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
As part of the above-mentioned processing, data may be transferred to Meta Platforms Inc. servers in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
3.2 Personal data is collected when you contact us (e.g. via contact form or email). The data collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.
The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
4) Registration with the portal or forum
You can register on our website by providing personal data. Which personal data is processed for registration is determined by the input mask used for registration. We use the so-called double opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm your registration within 24 hours, your registration will be automatically deleted from our database. Providing the above data is mandatory. You can provide all other information voluntarily by using our portal.
If you use our portal, we will store your data required for the fulfillment of the contract, including any information on the method of payment, until you finally delete your access. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 lit. f GDPR.
In addition, we store all content published by you (such as public posts, bulletin board entries, guestbook entries, etc.) in order to operate the website. We have a legitimate interest in providing the website with complete user-generated content. The legal basis for this is Art. 6 para. 1 lit. f GDPR. If you delete your account, your public statements, especially in the forum, will remain visible to all readers, but your account will no longer be accessible. All other data will be deleted in this case.
5) Data processing for handling donations
We generally process the following personal data for the processing of donations that you may send us: First and last name, address, e-mail address.
We store your data together with the information on the amount, frequency and purpose of the donation and keep it for ten years.
Depending on the selected payment method, the above-mentioned data will also be forwarded to the payment service provider you have selected for the donation and processed there exclusively and only to the extent necessary to process your donation.
The above-mentioned processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and serves exclusively to properly process your donation payment and record it in the accounts. The storage for a period of 10 years is based on Art. 6 para. 1 lit. c GDPR in conjunction with § 147 AO, according to which we are subject to a corresponding retention obligation regarding the business transaction.
6) Use of customer data for direct advertising
Registration for our email newsletter
If you register for our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7) Rights of the data subject
7.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective exercise requirements:
Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.
7.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
8) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you withdraw your consent.
If there are statutory retention periods for data that is processed within the scope of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.