Welcome to the Malteser International website. We are committed to ensuring the security and privacy of your data while you are using our website. We therefore would like to inform you about what personal data we collect when you visit our website and the purpose of its use.
§ 1 Controller and scope
The controller within the meaning of the Church Data Protection Regulation of the Religious Order of the Papal Right (KDR-OG) and other data protection regulations is:
Malteser Hilfsdienst e.V.
D-51103 Cologne, Germany
Authorized Representative: Dr. Elmar Pankau und Douglas Graf Saurma-Jeltsch
Telephone: +49 (0) 221/9822-7101
Fax: +49 (0) 221/9822-7498
Registered at: District court of Cologne (Amtsgericht Köln)
Registery number: VR 4726
Responsible for content according to §55 section 2 RStV:
Clemens Graf von Mirbach-Harff, Secretary General
The KDR-OG data protection policy can be found here.
§ 2 Data Protection Officer
The controller’s Data Protection Officer is:
Dr. Karsten C. Ronnenberg
50679 Cologne, Germany
§ 3 Principles of data processing
Personal data is any information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, phone number, date of birth, email address, IP address or user behavior. Information with which we cannot (or only with disproportionate effort) identify your person, for example, because of anonymization of the information, is not personal data. The processing of personal data (such as collecting, querying, using, storing or transmitting) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and no legally required retention requirements have to be adhered to.
Insofar as we process your personal data for the provision of certain services, we will inform you below about the specific transactions, the scope and purpose of the data processing, the legal basis for processing and the respective retention period.
§ 4 Individual processing operations
1. Provision and use of website
a. Type and scope of data processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following information that is technically necessary for us to display our website and to ensure its stability and security:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- Browser used and, if necessary, the operating system of your computer as well as the name of your access provider
b. Legal basis
The legal basis for the data processing is § 6 (1) g KDR-OG. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard the legitimate interests of our company.
c. Storage time
As soon as the aforementioned data is no longer required for displaying the website, it will be deleted. The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is therefore no entitlement to objection on the part of the user. Further data storage may occur in individual cases if required by law.
a. Type and scope of data processing
You can subscribe to a free newsletter on our website. To be able to send you the newsletter regularly, we need the following information from you:
- Email address
- Any further information is voluntary and will be used to address you personally and to personalize the content of the newsletter as well as to be able to clarify questions regarding the email address. It is at your discretion whether or not you provide us with this data.
- None of your data will be transferred to third parties in connection with the newsletter mailing.
We use the double opt-in procedure for the newsletter distribution, in other words, we will only send you the newsletter if you confirm your registration by activating a link included in a confirmation email sent to you for this purpose. We want to make sure that only you as the owner of the specified email address can subscribe to the newsletter. Your confirmation must be activated promptly after receipt of the confirmation email, otherwise your newsletter subscription will be automatically deleted from our database. We use the double opt-in procedure for the newsletter distribution, in other words, we will only send you the newsletter if you confirm your registration by activating a link included in a confirmation email sent to you for this purpose. We want to make sure that only you as the owner of the specified email address can subscribe to the newsletter. Your confirmation must be activated promptly after receipt of the confirmation email, otherwise your newsletter subscription will be automatically deleted from our database.
b. Legal basis
The processing of your email address for the newsletter delivery is based on § 6 paragraph 1 b) KDR-OG and on your voluntarily granted consent as follows:
I can revoke my consent to the collection of personal data during the registration process at any time.
c. Storage time
Your email address will be saved as long as you are subscribed to the newsletter. After unsubscribing from the newsletter, your email address will be deleted. Further storage may occur in individual cases if required by law.
3. Facebook Lead Ads
a. Type and scope of data processing
b. Legal basis
The processing of your personal data (cf. § 4 3. a.) for the newsletter dispatch is based on the declaration of consent voluntarily submitted by you below, in accordance with § 6 para. 1 lit. b) KDR-OG:
Declaration of consent:
Yes, I consent to Malteser International using the "Lead Ads" function of Facebook Inc. to collect my first and last name as well as my email address. For this purpose, my data will be transmitted to Malteser International by Facebook Inc. By clicking the button "Confirm registration", I declare my consent to my above-mentioned e-mail address being used for a regular newsletter dispatch by Malteser International. I can unsubscribe from the newsletter service at any time by clicking on the corresponding "Unsubscribe" link at the end of the newsletter.
This consent is voluntary and can be revoked at any time with effect for the future. Apart from that, I can request information, correction, blocking, deletion and transferability of my data at any time. Further information on data processing can be found here.
c. Storage period
Your e-mail address will be stored as long as you have subscribed to the newsletter. You have the possibility to unsubscribe from the newsletter at any time. This can be done in the newsletter itself via the unsubscribe button or in the form of an e-mail to info(at)malteser-international.org.
After unsubscribing from the newsletter, your personal data will be deleted. Further storage may take place in individual cases if required by law.
4. Contact form
a. Type and scope of data processing
On our web pages we offer you to contact us via the forms provided. We collect this data in order to process your request and to be able to respond to you. During the use of the contact form, your personal data will not be passed on to third parties. to third parties.
b. Legal basis
The personal data requested in the contact form is processed in accordance with § 6 Paragraph 1 lit. c) KDR-OG to carry out pre-contractual measures.
c. Storage period
As soon as the inquiry you have made has been dealt with and the relevant issue has been conclusively clarified, the personal data processed via the contact form will be deleted. Further storage may take place in individual cases if this is required by law.
5. Online donations
a. Type and scope of data processing
If you wish to make a donation via the form on our website, it is mandatory that we collect and process your first and last name, your date of birth, your address, your IP address and the details of the account holder, the IBAN and the BIC/Swift. The date of birth is only used to safely exclude minors from online donations. On the one hand, the IP address is transmitted automatically by the system when our website is called up. On the other hand, we can regularly preset the donation form on the basis of the IP address if you call up the website from Germany or Austria.
If you voluntarily provide your e-mail address, we will process it in order to contact you personally and to clarify any queries.
If you wish to receive a donation receipt from Malteser Hilfsdienst e.V. (Germany), we will collect and process your address data to create and send you the donation receipt.
If you make a donation to Malteser Hospitaldienst Austria (Austria) using the donation form and would like to receive a donation receipt from them, we will transfer your aforementioned data to Malteser Hospitaldienst Austria (Austria). For more information on the processing of your data at Malteser Hospitaldienst Austria (Austria), please visit www.malteser.at/datenschutzerklaerung/.To process your donation, we work with an external service provider, Wikando GmbH, which provides the fundraising box. With the help of the fundraising box, we can accept payments via PayPal. If you pay by credit card, the transaction is handled by the external provider micropayment GmbH. Your personal data will be processed by Wikando GmbH and also by micropayment GmbH exclusively for the processing of your donation on our behalf and according to our instructions.
b. Legal basis
With the exception of the financial data, § 6 para. 1 lit. g) KDR-OG serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is necessary for the implementation of an online donation and thus serves to protect a legitimate interest of our company. The processing of your bank data is based on your voluntary declaration of consent in accordance with Section 6 (1) b) KDR-OG.
The processing of the IP address for the pre-selection of the country-specific donation form is necessary to facilitate the correct selection of the donation recipient or the creation of the donation receipt and thus serves to protect a legitimate interest of Malteser Hilfsdienst e.V. and Malteser Hospitaldienst Austria. The processing is based on § 6 para. 1 lit. g) KDR-OG.
c. Storage period
As soon as the data collected from you is no longer required to achieve the purposes described above, this information is deleted. Further storage may take place in individual cases if required by law.
6. HRpuls Applicant Management
a. Type and scope of data processing:
HRpuls is a software for applicant management, recording applicant data, managing applications as well as for communicating with applicants.
For these purposes we collect and process the following data from you:
- Name, contact details (address, email and phone number);
- Cover letter;
- Curriculum vitae (professional and personal qualifications, professional career);
if necessary, further voluntary information: e.g., photo, marital status, date and place of birth, nationality, religious affiliation.
b. Legal basis for data processing:
For the purpose of applicant management, we process your personal data on the basis of § 6, para. 1 c) KDR-OG for the purpose of carrying out pre-contractual measures in response to your request.
For the following purposes, we process your data exclusively on the basis of your voluntarily given consent according to § 6 para. 1 b) and § 8 KDR-OG:
- for internal forwarding if you seem suitable for another position in the Malteser network;
- for inclusion in the applicant pool if the application documents are suitable for future advertisements (application documents are retained beyond the specified retention period).
You can revoke your consent at any time without giving reasons and with future effect.
c. Storage period:
We store your data, which we process for the purpose of applicant management, for six months (§ 15, para. 4 General Equal Treatment Act - AGG), § 61b, Labor Court Act - ArbGG), unless the data is transferred to the personnel file in the event of success.
For internal forwarding for another position in the Malteser network as well as for storage in the applicant pool, we store your data until you revoke your consent.
As soon as the processing purposes cease to apply and there are no longer any legal storage periods, we delete your data in accordance with data protection regulations.
d. Forwarding of data:
We use your data exclusively for the purposes stated above. Your data will be passed on to HRpuls GmbH, the operator of HRpuls applicant management. We have concluded an order processing agreement with HRpuls GmbH in accordance with § 29 KDR-OG. Your data will only be forwarded to other third parties not mentioned here with your express consent.
§ 5 Disclosure of data
We only share your personal information with third parties if:
- you have granted your explicit consent in accordance with § 6 paragraph 1 b KDR-OG,
- if there is a legal obligation for the passing on of data according to § 6 paragraph 1 d KDR-OG,
- this is legally permissible and required to fulfill a contractual relationship with you according to § 6 paragraph 1 c KDR-OG,
- if, according to § 6paragraph 1 g KDR-OG the forwarding is required to maintain the legitimate interests of the controller and there is no reason to believe that you have a predominantly legitimate interest in not disclosing your data.
§ 7 Tracking and analysis tools
We use tracking and analysis tools to ensure continuous optimization and tailor-made design of our website. By utilizing tracking measures, we are able to statistically record the use of our website by visitors and further develop our online offer with the insights gained therefrom. Due to these interests, the use of the tracking and analysis tools described below is justified pursuant to § 6 paragraph 1 g KDR-OG. The following description of the tracking and analysis tools also includes the respective processing purposes and the processed data.
1. Google Analytics
The information generated by these cookies, such as the time, place, and frequency of your use of this website, is usually transmitted to and stored by Google on a server in the United States. When using Google Analytics, it is not excluded that the cookies set by Google Analytics can also collect other personal information in addition to the IP address. We point out that Google may transfer this information to third parties, if required by law or if third parties process this data on behalf of Google.
The information generated by cookies will be used by Google on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data according to Google.
You can generally prevent the storage of cookies by setting your browser software accordingly. However, we point out that in this case you may not be able to fully use all functions of this website.
It is not excluded that the cookies set by Google Analytics can collect other personal data in addition to the IP address. In order to prevent information about your use of the website from being collected by Google Analytics and transmitted to Google Analytics, you can download and install a plugin for your browser under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This plugin prevents information about your visit to the website from being transmitted to Google Analytics. Any other analysis will not be prevented by this plugin.
An opt-out cookie will be installed in your browser by clicking this link. This prevents information about your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue to prevent Google Analytics tracking, you must click the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in when using the browser on your computer.
In order to ensure the best possible protection of your personal data, Google Analytics has been expanded to include the code “anonymizeIp” on this website. This code causes the last 8 bits of the IP addresses to be deleted and your IP address to be recorded anonymously (IP masking). Your IP address will be truncated by Google generally within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thereby anonymized before transfer. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
2. Google AdWords
We use Google AdWords technology, specifically conversion tracking. Google Conversion Tracking is an analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). If you click an ad placed by Google, a conversion tracking cookie will be placed on your PC. The cookies are valid for 30 days and are not for personal identification. If you visit certain pages on our website, while the cookie has not yet expired, Google and we may recognize that you have clicked a specific ad and have been redirected to this page. Google AdWords customers will each receive a different cookie. Thus there is no way to track cookies through the websites of advertisers.
Conversion cookie data is used to generate conversion statistics for AdWords advertisers who use conversion tracking. Customers will be told the number of users who clicked their ad and were then redirected to a site with a conversion tracking tag. However, they do not receive any information that personally identifies users.
If you do not want to participate in conversion tracking, you can prevent this by changing the settings it in your browser, for example, in such a way that the installation of cookies is generally prevented. You can also disable cookies for conversion tracking by setting your browser to block only cookies from the web address “googleadservices.com”.
3. Google Remarketing
4. Google Signals
We have enabled Google Signals in Google Analytics. Google Signals is session data from websites and apps that the search engine associates with users who are logged into their Google account if you have allowed personalized advertising. You object to the use of the signals by opting out of personalized advertising.
5. Facebook Pixel
We use the tracking tool "Pixel" from Facebook Inc. on our websites. Malteser Hilfsdienst e.V. and Facebook Inc. are responsible for data processing. (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA). Subject to your permission, the Pixel analytics tool collects information regarding your referral URL, browser attributes, page location, page type, document, referrer, pixel ID, Facebook cookies, button-click data, conversion data, any form data, and your Facebook ID. The tool also monitors your surfing behavior. Malteser International does not know these data in detail, so that Malteser International cannot establish a personal reference. This data is then matched with Facebook information and used by us to show you targeted advertising for our projects and donation appeals on the Facebook website. This means your personal data will be transferred to Facebook Inc. in the USA in accordance with the EU Commission's Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Pixel also tracks your visit to other websites. The personal data that Pixel collects about you is stored by us for a period of 30 days. You may object to future data processing at any time by activating this tool.
6. LinkedIn Insight Tag
§ 8 Use of YouTube videos
We use embedded YouTube videos in enhanced privacy mode. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“).
YouTube provides this enhanced privacy mode to ensure that YouTube does not store cookies with personally identifiable information on your computer. The IP address is transmitted when visiting the website and for embedding of the videos. This cannot be linked unless you have logged in to YouTube or another Google service before the page view, or are permanently logged in.
Once you start playing an embedded video by clicking it, the enhanced data protection mode on your computer will only save cookies to YouTube that do not contain personally identifiable information. These cookies can be prevented by appropriate browser settings and extensions (Source: YouTube “Enable advanced privacy mode for embedded videos”).
For more information on including YouTube videos, visit the YouTube Information page: https://support.google.com/youtube/answer/171780?hl=de
§ 9 Plugins
1. 2-click solution
Our website contains social media plugins of the social networks “Facebook” (Facebook Inc., 1601 S. California Ave., Palo Alto, California 94304, USA), “WhatsApp” (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) and “Twitter” (Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA). These services are offered by the respective companies (“providers”). As part of our website, the social plugins are identified by the service buttons proprietary to the respective provider. Based on the data transmitted via the social plugins to the respective service, the latter may assign these to your account. In order to increase the protection of your data on our website, the social plugins are integrated on our website by means of the “2-click solution.” This ensures that when you visit a page of our website that contains such social plugins, no automatic connection to the servers of the respective providers is made.
The function of the respective social plugin is activated in two stages. To activate a social plugin, you must first click the link on our website. This activates the social plugins and your browser connects to the servers of the respective provider. With a second click, you can now interact with the social plugin and, for example, submit your recommendation. If you are already logged in to one of the social networks of the providers, the providers can directly assign the visit of this website to your profile. If you interact with the social plugins by clicking, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be posted on the social network and displayed there under your contacts. If you want to prevent such direct assignment of your data collected via our website to your profile, you must log out of your account of the respective provider before visiting our websites.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
b) WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
c) Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA
§ 10 Hyperlinks
§ 11 Rights of data subjects
Pursuant to KDR-OG you, the data subject, are granted the following rights with regards to the processing of personal data:
- According to § 17 KDR-OG you can request information about your personal data processed by us. In particular, you may request information on the processing purposes, categories of personal data, categories of recipients to whom your data was or is being disclosed, the planned retention period, your rights to rectification, deletion, restriction of processing or objection, the existence of your right to lodge a complaint, the origin of your data, if it has not been collected by us, a transfer to third countries or to international organizations, as well as the existence of any automated decision-making including profiling and, if necessary, meaningful information on its details.
- According to § 18 KDR-OG you can immediately demand the correction of incorrect or the completion of your personal data stored by us.
- According to § 19 KDR-OG you can demand the deletion of personal data stored about you, insofar as the processing is not required for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for assertion or exercise of, or defense against legal claims.
- According to § 20 KDR OG you can demand the restriction of the processing of your personal data, insofar as the correctness of the data is denied by you, the processing is unlawful, we no longer need the data and you refuse their deletion, because you require it for the assertion or exercise of or defense against legal claims. You are also entitled to certain rights under § 18 KDR-OG if you object to the processing of data in accordance with § 23 KDR-OG.
- According to § 22 KDR-OG, you may request to receive your personal data provided to us in a structured, common, and machine-readable format or you may request their transfer to another controller.
- According to § 8 Abs. 6 KDR-OG you can revoke the consent you once granted us at any time. As a result, we are not allowed to continue the data processing based on this consent in the future.
- According to § 48 KDR-OG you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters for this purpose. If you believe that your data has been unlawfully processed by the controller or that your “rights as the data subject” have been violated, please contact the following supervisory authority:
Data Protection Supervision
Mr. RA Dieter Fuchs
Wittelsbacher Ring 9
53115 Bonn, Germany
§ 12 Right to object
When your personal data is being processed based on legitimate interests in accordance with § 6 paragraph 1 g KDR-OG, you have the right to object to the processing of your personal data pursuant to § 23 KDR-OG, insofar as there are reasons for this arising from your particular situation or the objection is directed against direct ad mail. In the case of direct ad mail, you have a general right of objection, which will be implemented by us without specifying any particular situation.
§ 13 Data security and security measures
We undertake to protect your privacy and keep your personal information confidential. To avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are periodically reviewed and adapted to technological progress. This includes the use of recognized encryption methods (SSL or TLS). However, please note that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned safeguards will not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted disclosed data, such as by email, can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse through the use of encryption or another method.
Last updated: August 2023