Donate

Privacy Policy

Privacy Policy

Privacy Policy for Access International e.V.
Effective: 2025.02.06

A. Introduction

We, Access International e.V. (”Access-Int.”, “the Organization”, “we”, or “us”), take the protection of your personal data very seriously and hereby provide you with transparent information about the nature, scope, purpose, duration, and legal basis of the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR).

The processing is carried out solely on the basis of:

  • Article 6(1)(a) GDPR (consent)
  • Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures)
  • Article 6(1)(c) GDPR (legal obligation)
  • Article 6(1)(f) GDPR (legitimate interests)

Your rights under Articles 15–22 GDPR, as well as further information, are detailed in the following sections.

B. Controller

The controller pursuant to Article 4(7) GDPR is:

Access International e.V.
Flughafenstraße
12053 Berlin
Germany

Email: info@access-int.org
Registered in the registry of associations of the local court Amtsgericht Charlottenburg
Registry number: VR 40140 B

C. Legal Bases and Categories of Data

1. Legal Bases

Your data is processed only if a legal basis under the GDPR exists (Article 6(1)(a), (b), (c), or (f) GDPR).

2. Categories of Data Processed

  • Server log files:
    – IP address (partially anonymized to a /24 subnet), browser type, operating system, date and time of access, referrer URL, transferred data volume, HTTP status codes.

  • Contact form data:
    – Name, email address, inquiry content, possibly telephone number, and IP address.

  • Payment data via PayPal (for donations):
    – Name, email address, donation amount, possibly additional contact details (e.g., address for donation receipts), and IP address.

D. Processors and External Service Providers

1. PayPal

For the processing of donations, we use PayPal. Data transmission to PayPal is executed using Standard Contractual Clauses pursuant to Article 46 GDPR and, where applicable, Binding Corporate Rules. Further details can be found in the current PayPal Privacy Policy at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

2. WordPress Plugins

For the following plugins, we have concluded appropriate Data Processing Agreements (DPAs) in accordance with Article 28 GDPR:

  • Contact Form 7 (contact forms)
  • PixelYourSite (tracking, e.g., Meta Pixel, Google Analytics)
  • TranslatePress (multilingual display)

A complete list of the plugins in use and their respective processing purposes is provided in Section I.

3. International Data Transfers

If data is transferred to third countries outside the European Economic Area (EEA), this is done using Standard Contractual Clauses (SCCs) or other appropriate safeguards. We maintain a list of countries with EU adequacy decisions and the guarantee mechanisms used.

E. Website Visit

1. Server Log Files

When you visit our website, the following data is automatically collected in server log files (as described in Section C.2):

  • Name and URL of the accessed page
  • Referrer URL
  • Date and time of access
  • Browser type, language, and version
  • Operating system
  • IP address (partially anonymized to a /24 subnet, if technically feasible)
  • Transferred data volume and HTTP status codes

This processing is necessary to ensure the security and stability of our website (Article 6(1)(f) GDPR). Log files are typically deleted after 7 days; this period is reviewed regularly for technical necessity.

2. Contact

If you contact us via email, telephone, or through a contact form, we store your provided details for the purpose of processing your inquiry (based on Article 6(1)(b) or (f) GDPR).

F. Newsletter and Postal Communication

Newsletter

When you subscribe to our newsletter, we collect your email address and possibly additional contact details.

  • Legal Basis:
    – Article 6(1)(a) GDPR (if consent is provided) or
    – Article 6(1)(f) GDPR (if based on an existing business relationship).
    A documented opt-in procedure is used. You can unsubscribe at any time; upon unsubscribing, your data is either deleted or blocked.

Postal Communication

If your address or contact details are used for postal communications (e.g., donation appeals), this processing is based on our legitimate interest (Article 6(1)(f) GDPR) or with your consent (Article 6(1)(a) GDPR). You may object at any time.

G. Cookies, Tracking, and Consent

We use cookies on our website, which are divided into two categories:

1. Essential Cookies

These cookies are indispensable for the operation of the website and are set without your consent.

  • Retention: Depending on the function (e.g., session-based or persistent). For example, our _pys_session_limit cookie (set by the PixelYourSite plugin) lasts 1 hour; other cookies may last 7 days or as specified.

2. Analytical and Marketing Cookies

These cookies are set only after you have provided explicit opt-in.

  • Retention: Specific retention periods are defined for each cookie. For example:
    – The _ga and ga* cookies (used by Google Analytics) have a duration of 1 year, 1 month, and 4 days.
    – The _fbp cookie (used by Facebook) lasts 7 days.
    – Cookies set by PixelYourSite (e.g., pys_first_visit, pysTrafficSource, etc.) typically last 7 days.

Our consent management tool (e.g., CookieYes | GDPR Cookie Consent) documents your consents and enables you to revoke them at any time, in accordance with Article 6(1)(a) or (f) GDPR.

H. Use of Specific WordPress Plugins

The following WordPress plugins process personal data as described:

1. Communication and Interaction

  • Contact Form 7:
    Data Processed: Name, email address, inquiry content, and possibly IP address.
    Purpose: To provide a contact form for easy communication.
  • Newsletter Plugin:
    Data Processed: Email address and possibly name and other contact details.
    Purpose: To send and manage our newsletter.

2. Analysis and Optimization

  • PixelYourSite:
    Data Processed: IP address, cookie information, and usage data (e.g., visited pages, conversions).
    Purpose: To integrate tracking pixels (e.g., Meta Pixel, Google Analytics) for analyzing and optimizing our website performance.
  • Rank Math SEO:
    Data Processed: Metadata of posts/pages and possibly IP address (for API requests).
    Purpose: To improve the visibility of our website in search engines.

3. Website Functionality

  • TranslatePress:
    Data Processed: Translation content and possibly IP address (if external translation services are used).
    Purpose: To display our website content in multiple languages.
  • UpdraftPlus:
    Data Processed: All data stored in WordPress (including personal data) required for backups.
    Purpose: To perform data backups – daily backups with a 30-day retention period.
  • ValidateCertify Free:
    Data Processed: Verification code and possibly name and email address.
    Purpose: To validate and verify the authenticity of certificates.

4. Website Design and Administration

  • Elementor / WP File Manager:
    Data Processed: Usage and metadata during content editing; potentially all data stored in WordPress.
    Purpose: To design and manage our website.

For all the plugins mentioned above, appropriate Data Processing Agreements (DPAs) are in place pursuant to Article 28 GDPR.

I. Social Media Profiles

We operate public profiles on social networks (e.g., Facebook, Instagram, LinkedIn).

  • Joint Responsibility: In accordance with the ECJ ruling in Case C‑40/17, we share responsibility with the operators of these platforms.
  • Further Information: Please refer to the privacy policies of the respective platforms (e.g., Facebook Privacy Policy, Instagram Privacy Policy, LinkedIn Privacy Policy).
  • Consent Withdrawal: You may withdraw your consent directly on the respective platforms.
en_USEnglish
arالعربية en_USEnglish