Welcome to the Malteser International website. We are committed to ensuring the security and privacy of your data while you are using our website. We therefore would like to inform you about what personal data we collect when you visit our website and the purpose of its use.
§ 1 Controller and scope
The controller within the meaning of the Church Data Protection Regulation of the Religious Order of the Papal Right (KDR-OG) and other data protection regulations is:
Malteser Hilfsdienst e.V.
D-51103 Cologne, Germany
Authorized Representative: Dr. Elmar Pankau und Douglas Graf Saurma-Jeltsch
Telephone: +49 (0) 221/9822-7101
Fax: +49 (0) 221/9822-7498
Registered at: District court of Cologne (Amtsgericht Köln)
Registery number: VR 4726
Responsible for content according to §55 section 2 RStV:
Clemens Graf von Mirbach-Harff, Secretary General
The KDR-OG data protection policy can be found here.
§ 2 Data Protection Officer
The controller’s Data Protection Officer is:
Dr. Karsten C. Ronnenberg
50679 Cologne, Germany
§ 3 Principles of data processing
Personal data is any information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, phone number, date of birth, email address, IP address or user behavior. Information with which we cannot (or only with disproportionate effort) identify your person, for example, because of anonymization of the information, is not personal data. The processing of personal data (such as collecting, querying, using, storing or transmitting) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and no legally required retention requirements have to be adhered to.
Insofar as we process your personal data for the provision of certain services, we will inform you below about the specific transactions, the scope and purpose of the data processing, the legal basis for processing and the respective retention period.
§ 4 Individual processing operations
1. Provision and use of website
a. Type and scope of data processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following information that is technically necessary for us to display our website and to ensure its stability and security:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- Browser used and, if necessary, the operating system of your computer as well as the name of your access provider
b. Legal basis
The legal basis for the data processing is § 6 (1) g KDR-OG. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard the legitimate interests of our company.
c. Storage time
As soon as the aforementioned data is no longer required for displaying the website, it will be deleted. The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is therefore no entitlement to objection on the part of the user. Further data storage may occur in individual cases if required by law.
a. Type and scope of data processing
You can subscribe to a free newsletter on our website. To be able to send you the newsletter regularly, we need the following information from you:
- Email adress
- Any further information is voluntary and will be used to address you personally and to personalize the content of the newsletter as well as to be able to clarify questions regarding the email address. It is at your discretion whether or not you provide us with this data.
- None of your data will be transferred to third parties in connection with the newsletter mailing.
We use the double opt-in procedure for the newsletter distribution, in other words, we will only send you the newsletter if you confirm your registration by activating a link included in a confirmation email sent to you for this purpose. We want to make sure that only you as the owner of the specified email address can subscribe to the newsletter. Your confirmation must be activated promptly after receipt of the confirmation email, otherwise your newsletter subscription will be automatically deleted from our database.We use the double opt-in procedure for the newsletter distribution, in other words, we will only send you the newsletter if you confirm your registration by activating a link included in a confirmation email sent to you for this purpose. We want to make sure that only you as the owner of the specified email address can subscribe to the newsletter. Your confirmation must be activated promptly after receipt of the confirmation email, otherwise your newsletter subscription will be automatically deleted from our database.b. Legal basis
The processing of your email address for the newsletter delivery is based on § 6 paragraph 1 b) KDR-OG and on your voluntarily granted consent as follows:
I can revoke my consent to the collection of personal data during the registration process at any time.
c. Storage time
Your email address will be saved as long as you are subscribed to the newsletter. After unsubscribing from the newsletter, your email address will be deleted. Further storage may occur in individual cases if required by law.
3. Contact form
a. Type and scope of data processing
- Email address
- Surname, given name
- Mailing address
- Any other information is voluntary and will be used to address you personally and clarify any queries. It is at your discretion whether or not you provide us with this data.
Specifying your email address serves the purpose of being able to assign your request and respond to you. None of your personal data will be transferred to third parties when the contact form is used.
b. Legal basis
The data processing described above (see § 4 paragraph 5 a) has the aim of establishing contact and is based on § 6 paragraph 1 b KDR-OG and the following voluntarily given consent:
c. Storage time
As soon as your request has been handled and the relevant issue has been finally clarified, your personal data which was processed via the contact form will be deleted. Further storage may occur in individual cases if required by law.
4. Online donations
a. What information we collect and why we collect it
As a general rule, your personal data will not be used for any other purpose than those for which they were voluntarily provided to us.
When you make a donation on our webpage, Malteser International is obliged to gather personally identifiable information, such as your names and date of birth as well as IP address, bank information (BIC/SWIFT). The date of birth serves only to safely exclude minors from online donations. As with most sites, our server automatically logs your computer's IP address. If you are visiting our page from Germany or Austria, having your IP address allows us to make regular pre-settings for the donation form.
If you voluntarily give us your e-mail address, we can contact you personally in order to clarify any queries.
Upon request of a donation receipt from Malteser Hilfsdienst e.V. (Germany), we will collect and process your postal information.
When you make a donation to Malteser Hospitaldienst Austria (Austria) using the donation form and wish to receive a donation receipt, we will transfer your postal information to Malteser Hospitaldienst Austria (Austria). For further information on how Malteser Hospitaldienst Austria (Austria) collects and uses your data, please visit www.malteser.at/datenschutzerklaerung/.
When you make a donation on Malteser International’s website, your personal information and donation are processed by an external service provider, Wikando Gmbh (Fundraisingbox). Wikando GmbH (Fundraisingbox) is contacted by us and adheres to our instructions.
b. Legal basis
We collect personal data for the purpose of processing donations and contracts in accordance with § 6 para. 1 lit. c) KDR-OG as legal basis. This does not apply to the collection of IP addresses for the purpose of preset donation forms for donations to Malteser Hilfsdienst e.V. (Germany) or the Malteser Hospitaldienst Austria (Austria)
The processing of the IP address for the pre-selection of the country-specific donation form is necessary to facilitate the correct selection of the donee or the issuance of the donation receipt and thus serves the protection of a legitimate interest of Malteser Hilfsdienst e.V. and Malteser Hospitaldienst Austria. The processing is based on § 6 paragraph 1 lit. g) KDR-OG.
c. How long do we keep your data
We will only retain the information you provide to us for as long as is necessary for the purpose for which it was collected. We will delete this information personal data at the end of this period unless, if for tax or other reasons, deletion is prevented by the legal obligation to retain data.
5. Data Protection Policy HRpuls Applicant Management
a. Responsible party and scope of application
The responsible person in the sense of the Ecclesiastical Data Protection Regulation of the Order Community of Papal Law (KDR-OG) and other data protection regulations is:
Malteser Hilfsdienst e.V., Malteser International, Erna-Scheffler-Str. 2, 51103 Cologne (Phone: +49(0)221/9822-7101; E-mail: firstname.lastname@example.org), legally represented by the Executive Board.
b. Data Protection Officer
The external data protection officer of the controller is:
Dr. Karsten Kinast LLM, Attorney at Law, Kinast Rechtsanwaltsgesellschaft mbH, Hohenzollernring 54, 50672 Cologne, e-mail: email@example.com
c. Information on the scope of processing:
Nature and scope of data processing:
HRpuls is a software for applicant management, recording applicant data, managing applications as well as for communicating with applicants.
For these purposes we collect and process the following data from you:
- Name, contact details (address, email and phone number);
- Cover letter;
- Curriculum vitae (professional and personal qualifications, professional career);
- if necessary, further voluntary information: e.g., photo, marital status, date and place of birth, nationality, religious affiliation.
Legal basis for data processing:
For the purpose of applicant management, we process your personal data on the basis of § 6, para. 1 c) KDR-OG for the purpose of carrying out pre-contractual measures in response to your request.
For the following purposes, we process your data exclusively on the basis of your voluntarily given consent according to § 6 para. 1 b) and § 8 KDR-OG:
- for internal forwarding if you seem suitable for another position in the Malteser network;
- for inclusion in the applicant pool if the application documents are suitable for future advertisements (application documents are retained beyond the specified retention period).
You can revoke your consent at any time without giving reasons and with future effect.
We store your data, which we process for the purpose of applicant management, for six months (§ 15, para. 4 General Equal Treatment Act - AGG), § 61b, Labor Court Act - ArbGG), unless the data is transferred to the personnel file in the event of success.
For internal forwarding for another position in the Malteser network as well as for storage in the applicant pool, we store your data until you revoke your consent.
As soon as the processing purposes cease to apply and there are no longer any legal storage periods, we delete your data in accordance with data protection regulations.
An automatic decision-making including profiling does not take place with the responsible party.
d. Forwarding of data:
We use your data exclusively for the purposes stated above. Your data will be passed on to HRpuls GmbH, the operator of HRpuls applicant management. We have concluded an order processing agreement with HRpuls GmbH in accordance with § 29 KDR-OG. Your data will only be forwarded to other third parties not mentioned here with your express consent.
e. Rights of the data subject:
The KDR-OG gives you, as the person concerned, the following rights with regard to the processing of your personal data: the right to revoke your declaration of consent at any time with effect for the future (§ 8, para. 6 KDR-OG), the right to information (§ 17 KDR-OG), the right to correction (§ 18 KDR-OG), the right to deletion (§ 19 KDR-OG), the right to restriction of processing (§ 20 KDR-OG) and the right to data portability (§ 22 KDR-OG).
Furthermore, you have the right to complain to a supervisory authority (§ 48 KDR-OG). Please contact the data protection supervisory authority responsible for you:
Mr. Dieter Fuchs, RA, Wittelsbacherring 9, 53115 Bonn, e-mail: firstname.lastname@example.org
f. Data security and safeguarding measures:
We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent manipulation or loss or misuse of your data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological advancement.
§ 5 Disclosure of data
We only share your personal information with third parties if:
- you have granted your explicit consent in accordance with § 6 paragraph 1 b KDR-OG,
- if there is a legal obligation for the passing on of data according to § 6 paragraph 1 d KDR-OG,
- this is legally permissible and required to fulfill a contractual relationship with you according to § 6 paragraph 1 c KDR-OG,
- if, according to § 6paragraph 1 g KDR-OG the forwarding is required to maintain the legitimate interests of the controller and there is no reason to believe that you have a predominantly legitimate interest in not disclosing your data.
Our website uses various types of cookies, the nature and function of which are explained in more detail below.
a. Transient cookies
Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows your session ID to be recorded. It allows different requests from your browser to be assigned to a shared session, and it is possible for us to recognize your device during later website visits.
b. Persistent cookies
Persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and that transmit information to us. The respective storage duration differs depending on the cookie. You can independently delete persistent cookies through your browser settings.
c. Required cookies
These cookies are required for technical reasons so that you can visit our website and use the functions offered by us. This applies, for example, to the following applications: Typo3
In addition, these cookies contribute to the safe and correct use of the website.
d. Performance-related cookies
These cookies enable us to carry out an analysis of usage of the website and to improve the performance and functionality of our website. For example, it collects information about how our website is used by visitors, which pages are accessed most frequently, or if error messages appear on certain pages. This applies, for example, to the following applications: Google Analytics
e. Cookies for marketing
Advertising cookies (third party providers) are used to display various offers that fit your interests. Among other things, these cookies can be used to track user’s web activities over a longer period of time. You may recognize the cookies on various devices you use.
The following third-party providers receive personal data via cookies integrated on our website: Google Tag Manager
2. Legal basis
Based on the described uses (see § 6. a), the legal basis for the processing of personal data using cookies is § 6 paragraph 1 g KDR-OG.
3. Storage timeAs soon as the data transmitted to us via the cookies is no longer necessary for the purposes described above, this information will be deleted. Further data storage may occur in individual cases if required by law.
4. Configuration of the browser settings
Most browsers are pre-set to accept cookies by default. However, you can configure your browser to accept only certain or no cookies at all. We point out, however, that you may not be able to use all functions of our website if cookies are deactivated on our website by your browser settings. Your browser settings also allow you to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored. Since the different browsers may differ in their respective functions, we recommend that you use the respective help menu of your browser for the configuration options.
If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend the installation of specially developed plugins.
§ 7 Tracking and analysis tools
We use tracking and analysis tools to ensure continuous optimization and tailor-made design of our website. By utilizing tracking measures, we are able to statistically record the use of our website by visitors and further develop our online offer with the insights gained therefrom. Due to these interests, the use of the tracking and analysis tools described below is justified pursuant to § 6 paragraph 1 g KDR-OG. The following description of the tracking and analysis tools also includes the respective processing purposes and the processed data.
1. Google Analytics
The information generated by these cookies, such as the time, place, and frequency of your use of this website, is usually transmitted to and stored by Google on a server in the United States. When using Google Analytics, it is not excluded that the cookies set by Google Analytics can also collect other personal information in addition to the IP address. We point out that Google may transfer this information to third parties, if required by law or if third parties process this data on behalf of Google.
The information generated by cookies will be used by Google on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data according to Google.
You can generally prevent the storage of cookies by setting your browser software accordingly. However, we point out that in this case you may not be able to fully use all functions of this website.
It is not excluded that the cookies set by Google Analytics can collect other personal data in addition to the IP address. In order to prevent information about your use of the website from being collected by Google Analytics and transmitted to Google Analytics, you can download and install a plugin for your browser under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This plugin prevents information about your visit to the website from being transmitted to Google Analytics. Any other analysis will not be prevented by this plugin.
An opt-out cookie will be installed in your browser by clicking this link. This prevents information about your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue to prevent Google Analytics tracking, you must click the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in when using the browser on your computer.
In order to ensure the best possible protection of your personal data, Google Analytics has been expanded to include the code “anonymizeIp” on this website. This code causes the last 8 bits of the IP addresses to be deleted and your IP address to be recorded anonymously (IP masking). Your IP address will be truncated by Google generally within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thereby anonymized before transfer. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
2. Google AdWords
We use Google AdWords technology, specifically conversion tracking. Google Conversion Tracking is an analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). If you click an ad placed by Google, a conversion tracking cookie will be placed on your PC. The cookies are valid for 30 days and are not for personal identification. If you visit certain pages on our website, while the cookie has not yet expired, Google and we may recognize that you have clicked a specific ad and have been redirected to this page. Google AdWords customers will each receive a different cookie. Thus there is no way to track cookies through the websites of advertisers.
Conversion cookie data is used to generate conversion statistics for AdWords advertisers who use conversion tracking. Customers will be told the number of users who clicked their ad and were then redirected to a site with a conversion tracking tag. However, they do not receive any information that personally identifies users.
If you do not want to participate in conversion tracking, you can prevent this by changing the settings it in your browser, for example, in such a way that the installation of cookies is generally prevented. You can also disable cookies for conversion tracking by setting your browser to block only cookies from the web address “googleadservices.com”.
3. Google Remarketing
We use embedded YouTube videos in enhanced privacy mode. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“).
YouTube provides this enhanced privacy mode to ensure that YouTube does not store cookies with personally identifiable information on your computer. The IP address is transmitted when visiting the website and for embedding of the videos. This cannot be linked unless you have logged in to YouTube or another Google service before the page view, or are permanently logged in.
Once you start playing an embedded video by clicking it, the enhanced data protection mode on your computer will only save cookies to YouTube that do not contain personally identifiable information. These cookies can be prevented by appropriate browser settings and extensions (Source: YouTube “Enable advanced privacy mode for embedded videos”).
For more information on including YouTube videos, visit the YouTube Information page: https://support.google.com/youtube/answer/171780?hl=de
4. Facebook Pixel
We use the tracking tool "Pixel" from Facebook Inc. on our websites. Malteser Hilfsdienst e.V. and Facebook Inc. are responsible for data processing. (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA). Subject to your permission, the Pixel analytics tool collects information regarding your referral URL, browser attributes, page location, page type, document, referrer, pixel ID, Facebook cookies, button-click data, conversion data, any form data, and your Facebook ID. The tool also monitors your surfing behavior. Malteser International does not know these data in detail, so that Malteser International cannot establish a personal reference. This data is then matched with Facebook information and used by us to show you targeted advertising for our projects and donation appeals on the Facebook website. This means your personal data will be transferred to Facebook Inc. in the USA in accordance with the EU Commission's Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Pixel also tracks your visit to other websites. The personal data that Pixel collects about you is stored by us for a period of 30 days. You may object to future data processing at any time by activating this tool.
§ 8 Plugins
1. 2-click solution
Our website contains social media plugins of the social networks “Facebook” (Facebook Inc., 1601 S. California Ave., Palo Alto, California 94304, USA), “WhatsApp” (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) and “Twitter” (Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA). These services are offered by the respective companies (“providers”). As part of our website, the social plugins are identified by the service buttons proprietary to the respective provider. Based on the data transmitted via the social plugins to the respective service, the latter may assign these to your account. In order to increase the protection of your data on our website, the social plugins are integrated on our website by means of the “2-click solution.” This ensures that when you visit a page of our website that contains such social plugins, no automatic connection to the servers of the respective providers is made.
The function of the respective social plugin is activated in two stages. To activate a social plugin, you must first click the link on our website. This activates the social plugins and your browser connects to the servers of the respective provider. With a second click, you can now interact with the social plugin and, for example, submit your recommendation. If you are already logged in to one of the social networks of the providers, the providers can directly assign the visit of this website to your profile. If you interact with the social plugins by clicking, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be posted on the social network and displayed there under your contacts. If you want to prevent such direct assignment of your data collected via our website to your profile, you must log out of your account of the respective provider before visiting our websites.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
b) WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
c) Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA
§ 9 Hyperlinks
§ 10 Rights of data subjects
Pursuant to KDR-OG you, the data subject, are granted the following rights with regards to the processing of personal data:
- According to § 17 KDR-OG you can request information about your personal data processed by us. In particular, you may request information on the processing purposes, categories of personal data, categories of recipients to whom your data was or is being disclosed, the planned retention period, your rights to rectification, deletion, restriction of processing or objection, the existence of your right to lodge a complaint, the origin of your data, if it has not been collected by us, a transfer to third countries or to international organizations, as well as the existence of any automated decision-making including profiling and, if necessary, meaningful information on its details.
- According to § 18 KDR-OG you can immediately demand the correction of incorrect or the completion of your personal data stored by us.
- According to § 19 KDR-OG you can demand the deletion of personal data stored about you, insofar as the processing is not required for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for assertion or exercise of, or defense against legal claims.
- According to § 20 KDR OG you can demand the restriction of the processing of your personal data, insofar as the correctness of the data is denied by you, the processing is unlawful, we no longer need the data and you refuse their deletion, because you require it for the assertion or exercise of or defense against legal claims. You are also entitled to certain rights under § 18 KDR-OG if you object to the processing of data in accordance with § 23 KDR-OG.
- According to § 22 KDR-OG, you may request to receive your personal data provided to us in a structured, common, and machine-readable format or you may request their transfer to another controller.
- According to § 8 Abs. 6 KDR-OG you can revoke the consent you once granted us at any time. As a result, we are not allowed to continue the data processing based on this consent in the future.
- According to § 48 KDR-OG you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters for this purpose. If you believe that your data has been unlawfully processed by the controller or that your “rights as the data subject” have been violated, please contact the following supervisory authority:
Data Protection Supervision
Mr. RA Dieter Fuchs
Wittelsbacher Ring 9
53115 Bonn, Germany
§ 11 Right to object
When your personal data is being processed based on legitimate interests in accordance with § 6 paragraph 1 g KDR-OG, you have the right to object to the processing of your personal data pursuant to § 23 KDR-OG, insofar as there are reasons for this arising from your particular situation or the objection is directed against direct ad mail. In the case of direct ad mail, you have a general right of objection, which will be implemented by us without specifying any particular situation.
§ 12 Data security and security measures
We undertake to protect your privacy and keep your personal information confidential. To avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are periodically reviewed and adapted to technological progress. This includes the use of recognized encryption methods (SSL or TLS). However, please note that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned safeguards will not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted disclosed data, such as by email, can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse through the use of encryption or another method.
Last updated: June 2019