Global Alliance – Cities for Children
2. Data processing by the cities4children.org website
2.1. Visiting our website
Our server temporarily records every visit to our website in a log file. Until the log file is automatically deleted, it records, among other things, the IP address from which you visited our site, the date and time of your visit, the name and URL of the file you viewed, the website from which you came (referrer URL), your computer’s operating system, the type and version of your browser as well as the country from which you visited our website.
These data are generally collected and processed in anonymised form and without personal reference for the purpose of enabling you to visit our website (connection establishment), ensuring sustained security and stability of the system and optimising our online service as well as for internal statistical purposes. The above-mentioned information is neither linked nor stored together with personal data.
It is only in the event of an attack on our network’s infrastructure or if we suspect any other prohibited or improper use of our website that a users’ IP addresses may be analysed for intelligence and defence purposes and, if necessary, used in criminal proceedings for identification as well as for civil and criminal actions against the users in question.
Our legitimate interest lies in the above-mentioned purposes according to Art. 6 Para. 1 lit. f) GDPR.
If you contact us (e.g. via the contact form, blog submission form, email, social media), your user data are used to process your contact request according to Art. 6 Para. 1 lit. b) (contractual or precontractual relationships) and Art. 6 Para. 1 lit. f) (other requests) GDPR. User data may be stored in a customer relationship management system (CRM system) or a comparable request management system. The statutory storage obligations apply.
If you do not wish to have cookies stored on your device, you can deactivate the corresponding setting options in your browser’s system settings. Stored cookies can also be deleted in your browser’s system settings. If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
2.4.1. Newsletter dispatch
The information below refers to the content of our newsletter, the procedures for subscription, dispatch and statistical analysis as well as your right to object. By subscribing to our newsletter, you agree to receiving the newsletter and to the procedure described below. We dispatch newsletters, emails and other electronic messages containing advertisement information (hereinafter “newsletter”) only with your explicit consent or with legal permission. If the content of the newsletter is explicitly described in the subscription process, it is relevant for your consent. Furthermore, our newsletters contain information about our services and about us. Subscriptions to our newsletter are logged so that we can prove that the subscription process was carried out according to the legal provisions. This includes storage of the subscription and confirmation emails as well as your IP address. To subscribe to our newsletter, you only need to provide your email address. You also have the option to provide a name, country of residence, organisation and position so that we can address you personally in our newsletter. Dispatch of our newsletter and the corresponding performance measurement are executed on the basis of your consent according to Art. 6 Para. 1 lit. a) and Art. 7 GDPR. The subscription procedure is logged on the basis of our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR. Our interest is focused on employing a user-friendly and secure newsletter system which serves our business interest whilst also complying with your expectations and allowing us to prove your consent. You can unsubscribe from our newsletter, that is, revoke your consent, at any time. There is a link for unsubscribing from the newsletter at the end of every newsletter. On the basis of our legitimate interest, we may store unsubscribed email addresses for up to three years before deleting them, in order to be able to prove a formerly given consent. Processing of these data is restricted to potential defence against claims. It is possible to make an individual deletion request if you confirm that consent had previously been given.
2.4.2 Newsletter dispatch provider: Mailchimp
You can find the provider’s data protection regulations here: https://mailchimp.com/legal/?_ga=2.234239966.1350642087.1617109986-1743459370.1599728911 The email marketing provider is employed on the basis of our legitimate interest according to. Art. 6 Para. 1 lit. f) GDPR and a processing contract according to Art. 28 Para. 3 (1) GDPR.
2.5 Hosting and email dispatch: HostPoint
You can find the provider’s data protection regulations here: https://www.hostpoint.ch/en/hostpoint/contact-gtc.html
The hosting services we use provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services as well as technical maintenance services, which we use to operate this online service. We and/or our hosting service provider process inventory data, contact data, content data, contractual data, usage data, meta and communication data of clients, interested parties and visitors to this online service on the basis of our legitimate interest in efficient and safe provision of this online service, according to Art. 6 Para 1 lit. f) GDPR, in conjunction with Art. 28 GDPR (conclusion of processing contract).
2.6 Collection of access data and log files
On the basis of our legitimate interest according to Art. 6 Para.1 lit. f) GDPR, we and/or our hosting service provider collect data on every access to the server on which this service is hosted (so-called server log files). The access data include the name of the accessed website, the file, the date and time at which you accessed the site, the data volume transmitted, a notification about successful access, the type and version of your browser, your computer’s operating system, the referrer URL (the website from which you came), your IP address and the provider from which you visited our site. Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and is deleted afterwards. Data which need to be stored for a longer period of time for evidence purposes are exempt from deletion until the incident has been conclusively clarified.
2.7 Integration of third-party services and contents
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we access third-party content or service offers within our online service to integrate their content and services, e.g. videos or fonts (hereinafter collectively referred to as “content”). This requires that the third-party providers of such content read your IP address, since they cannot send content to your browser without the IP address. Your IP address is thus required to display such content. We endeavour only to use content of providers which use your IP address merely to deliver said content. Third-party providers may also use so-called pixel tags (invisible graphics, also called web beacons) for statistical or marketing purposes. By using pixel tags, the providers can analyse information such as visitor traffic on the pages of this website. This pseudonymised information may also be recorded in cookies on your device and may contain, inter alia, technical information on your browser and operating system, referring websites, time of access as well as further information on your use of our online service, and may also be linked to information of this sort from other sources.
2.7.1 Google Analytics
2.7.2 Google Universal Analytics
We use Google Analytics in the Universal Analytics version. Universal Analytics is a version of Google Analytics which conducts user analysis on the basis of pseudonymised user IDs and thus creates a pseudonymised user profile with information from your use of different devices (so-called cross-device tracking).
2.7.3 Facebook Pixel, Custom Audiences and Facebook Conversion
Based on our legitimate interest in and for the purpose of analysis, optimisation and economical operation of our online service, we employ within our online service the so-called Facebook pixel of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”). Facebook is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). With the help of the Facebook pixel, Facebook can add the visitors of our online service to certain target groups for ad display (so-called Facebook Ads). Accordingly, we use the Facebook pixel to display our Facebook ads only to those Facebook users who have shown interest in our online service or whose profiles have certain characteristics (e.g. interest in certain topics or products, as deduced from the websites they visited), which we transmit to Facebook (so-called Custom Audiences). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to your potential interests and do not annoy you. The Facebook pixel furthermore helps us to trace the effect of Facebook ads for statistical and market analysis purposes by telling us whether you were referred to our website after clicking on a Facebook ad (so-called Conversion). Data processing by Facebook is based on Facebook’s data policy. You can find the corresponding general information about the display of Facebook ads in Facebook’s data policy: https://www.facebook.com/policy.php. Detailed information on the Facebook pixel and its function is available in Facebook’s help section: https://www.facebook.com/business/help/651294705016616. You can refuse data collection by the Facebook pixel and use of your data for the display of Facebook ads. To set your preferences regarding the types of ads displayed within Facebook, you can go to the Facebook settings site and follow the instructions on setting your preferences for usage-based ads: https://www.facebook.com/settings?tab=ads. These preferences are set independently of the platform used, i.e. they are adopted for all your devices such as desktop computers and mobile devices.
2.7.5 Facebook social plugins
3. Online presence in social media
4. Collaboration with processors and third parties
If we disclose or transmit your data to third persons and companies (processors or third parties) within our processing procedures or grant them access to your data otherwise, this is carried out solely on the basis of legal authorisation (e.g. if the transfer of data to third parties such as payment service providers is necessary for the performance of a contract according to Art. 6 Para. 1 lit b) GDPR), if you have given your consent, if a legal provision stipulates this, or on the basis of our legitimate interest (e.g. if we employ representatives, web hosts etc.). If we contract third parties to process data based on a so-called processing contract, this is based on Art. 28 GDPR.
5. Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs due to our employment of third-party services or disclosure and/or transmission of data to third parties, this only happens if it is carried out for the performance of our (pre)contractual obligations, based on your consent, due to a legal requirement or based on our legitimate interest. Subject to legal or contractual permissions, we only process data, or have them processed, in third countries if special conditions according to Art. 44 et seq. GDPR apply. This means that the data are processed, for example, on the basis of special guarantees such as the officially recognised establishment of an EU-appropriate level of data protection (e.g. for the USA by the Privacy Shield) or considering officially recognised special contractual obligations (so-called standard contractual clauses).
6. Security measures
In accordance with Art. 32 GDPR and taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of processing as well as the risks of varying likelihoods and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to provide a level of protection that is appropriate for the risk. These measures include, in particular, safeguarding confidentiality, integrity and availability of data by controlling physical access to the data as well as controlling access, input, and transfer of said data, securing data availability, and the separation of data. Moreover, we have established procedures to guarantee that data subjects can exercise their rights, that data are deleted and that we can react if data are at risk. We furthermore consider the protection of personal data already when developing or choosing hardware, software and procedures, according to the principle of data protection by technical design and by privacy-friendly default settings (Art. 25 GDPR).
7. Deletion of data
The data we process are deleted or their processing is limited in accordance with Art. 17 and Art. 18 GDPR. Unless explicitly stated otherwise in this data protection policy, we delete the data recorded once they cease to be required for their intended purpose and if no statutory storage obligations apply which contradict their deletion. If the data are not deleted because they are required for other, legally permissible purposes, their processing is restricted. This means that the data are locked and are not processed for other purposes. This applies, for instance, to data which need to be stored for commercial or fiscal reasons.
8. Rights of the data subjects
You have the right to obtain confirmation as to whether your personal data are being processed and to obtain information on these data as well as further information and a copy of the data according to Art. 15 GDPR. According to Art. 16 GDPR, you have the right to demand completion of incomplete personal data or rectification of inaccurate personal data. In accordance with Art. 17 GDPR, you have the right to obtain immediate erasure of your personal data, or alternatively, in accordance with Art. 18 GDPR, to obtain restriction of processing. You have the right to receive your personal data which you have made available to us according to Art. 20 GDPR and to demand transmission of these data to other controllers. You furthermore have the right to lodge a complaint with a supervising authority according to Art. 77 GDPR.
8.1 Withdrawal of consent
You have the right to withdraw your given consent according to Art. 7 Para. 3 GDPR, taking effect for future processing.
8.2 Right to object
You can object future processing of your personal data at any time, according to Art. 21 GDPR. In particular, you have the right to object to processing for direct marketing purposes.
Last update: March 2021