Data protection

Information on data protection at BiKoop e.V.

The protection of your personal data is very important to us. You can count on us!

BiKoop e.V., like every organization and every company, is subject to the legal requirements according to the Federal Data Protection Act and the EU General Data Protection Regulation (DSGVO). We take these requirements and obligations very seriously.

Beyond the legal basis, it is a matter of course for BiKoop e.V. to handle personal data in a politically conscious and prudent manner. We do everything to protect the privacy of our members, donors, activists, interested parties and customers and to ensure the security of their personal data. This also includes deleting all personal data as soon as possible.

Here you will find a list of all relevant information for you as a user, in accordance with the requirements of the DSGVO (General Data Protection Regulation of the EU); in addition, we will provide you with further information about our handling of personal data.

A) Information on data protection in accordance with art. 13 DSGVO (General Data Protection Regulation).

1. General information
The General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, is an EU-wide regulation that governs the processing of personal data. This is intended to ensure the protection of personal data in the European Union.
The protection of your data and your privacy is very important to us. We process your personal data exclusively in accordance with the legal requirements.

2. Responsible party
The responsible party for the processing of your personal data is BiKoop e.V., c/o Rhony Bajohr, Michaelisstr. 26, 99084 Erfurt, Germany. Phone number: 069 900 281 40, e-mail: info(at)bikoop.de.

3. Purposes of processing
We process the personal data provided by you for the following purposes:
a) If you would like to become a member of BiKoop e.V., we process your personal data to initiate, implement and terminate the membership relationship; legal basis: art. 6 para. 1 (b) DSGVO.
b) If you would like to request information from us, we will process your contact data in order to provide the requested information within the scope of your consent; in addition, we will send you four Attac newsletters and four information/donation letters in order to protect our legitimate interests in regular notification of our current work, which serve to promote the statutory purposes of the association; legal basis: art. 6 para. 1 (f) DSGVO
c) If you would like to order goods in the webshop operated by us, we process your data for the initiation, execution and termination of the purchase contract; legal basis: art. 6 para. 1 (b) DSGVO
d) If you would like to make a donation to BiKoop e.V., we will also process your data for the initiation, execution and termination of the donation contract; legal basis: art. 6 para. 1 (b) DSGVO
e) If you would like to subscribe to a newsletter, we will process your e-mail address in accordance with your consent; legal basis: art. 6 para. 1 (b) DSGVO
f) If you would like to participate in a bed exchange operated by us for an event, we process your data in accordance with the contract; legal basis: art. 6 para. 1 (b) DSGVO
g) If you would like to participate in a carpooling exchange operated by us for an event, we will process your data in accordance with the contract on the legal basis: art. 6 para. 1 (b) DSGVO
h) If you wish to participate in an electronic voting system operated by us, we will process your data in accordance with the contract on the legal basis: art. 6 para. 1 (b) DSGVO.
Any processing going beyond the aforementioned purposes, in particular the transfer of your personal data to third parties, will only take place if you have expressly consented to this or if we are obliged to do so by law or by court order (art. 6 para. 1c DSGVO).
h) If you wish to participate in a petition/collection of signatures operated by us, we will process your data in accordance with your consent on the legal basis: art. 6 para. 1 (a) DSGVO.

4. recipients of your data
Your personal data is maintained and processed by us, and we pay comprehensive attention to all data protection concerns.

Service providers (order processors according to art. 28 DSGVO) may receive your data (such as a lettershop or an IT service provider). All of our service providers process data on an order basis exclusively within Germany and are contractually obligated to take appropriate technical and organizational measures to ensure the protection of your data, as well as to maintain data secrecy. Data processing in a so-called third country does not take place.

5. Duration of storage and deletion of data
Your data will only be stored for as long as it is required for the aforementioned purposes, or for as long as legal retention periods oblige us to store it.
a) If your membership has been terminated, your data will be blocked from further processing and use until we delete it. The date of deletion takes into account legally prescribed retention obligations.
b) If your consent has been terminated by opposition or by expiry of the one-year period (for sending information on our part), your data will be blocked for further processing and use until we delete it. The date of deletion takes into account legally prescribed retention obligations.
c) If you have ordered goods from us, we will delete your personal data after the contractual relationship has ended and there are no longer any statutory retention obligations.
d) If you have made a donation to us, we will delete your personal data after the contractual relationship has ended and there are no longer any legal retention obligations.
e) If you stop receiving a newsletter by unsubscribing, your e-mail address will be deleted unless there is another basis for processing this personal data, for example, if a membership exists (see above).
f) If you have participated in a bed exchange operated by us for an event, we will delete your data after the end of the event with a grace period of one month.
g) If you have participated in a carpool exchange operated by us for an event, we will delete your data after the end of the event with a grace period of one month.
h) If the purpose of processing your data determined by your consent has ended (termination of petition/signature collection/electronic voting), we will delete your data after two months at the latest.

6. No profiling
We do not process your personal data for profiling purposes. As a matter of principle, we do not use automated decision-making to establish and implement the contractual relationship.

7. Consequences of not providing us with your personal data
Of course, you are not obliged to provide us with your data at any time. However, we only ask you for the most necessary data in our forms - if we do not have this available, we cannot fulfill your requests (membership, newsletter, donations, etc.).

8. Your rights
Data protection law provides for extensive data subject rights, which we guarantee at every stage of data processing. You can exercise the following rights by informally notifying us.
Information, correction, deletion, etc.
You have the right to information about the data we have stored about you, the right to correction or deletion of your data, the right to restriction of processing and the right to data portability.
Right of revocation
If the processing of your personal data is based on consent, you have the right to revoke this consent at any time. The legality of the data processing carried out until the revocation is not affected by this.

Right of complaint to a supervisory authority
In addition, you have the right to lodge a complaint with the competent data protection supervisory authority.

B) Data processing when using "BigBlueButton"
Scope of data processing
When you use the "BigBlueButton" service provided by Attac to conduct video conferences, online meetings and webinars, we process the following data from you:

1. User details: first name, last name, nickname (pseudonym), user ID.
2. Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
3. Meeting content data: Audio, video and, if applicable, text (chat) data of utterances you make during a meeting
4. Meeting recordings: By default, audio or video recordings of the events will have the participants* cameras turned off. Questions from the audience are asked via chat, so there is no audio or video of the participants. Should this be the case, the participants will be informed and given the opportunity to give their consent (in the chat, so that the consent can be documented via screenshot).

Purposes of the data processing
The purpose of processing your personal data mentioned above is to be able to provide you with "BigBlueButton" as a tool for conducting video conferences, online meetings and webinars and to be able to realize the event formats mentioned via "BigBlueButton".
Legal basis for the processing of personal data
Insofar as we obtain your consent for processing operations of personal data in the context of the use of "BigBlueButton", art. 6 (1) lit. a DSGVO serves as the legal basis for the processing of personal data.

Other recipients of your personal data
Your personal data, collected during the use of "BigBlueButton" will be passed on to the following recipients:
Recipients within Attac: None
Recipients outside Attac: Our BBB provider: minuskelscreenpartner GmbH
Minuskel Screenpartner GmbH hosts our BBB on a secure server. There, Minuskel stores the IP addresses of the users for a maximum of one week, and then deletes them automatically. The anonymized and shortened IP addresses of the users are deleted after 4 weeks at the latest.

Duration of storage of personal data
Your personal data that we process in the context of your use of the video conferencing software "BigBlueButton" will be deleted by Attac in principle after each event, or longer if consent was given for a recording. The consent can be withdrawn at any time.

Notice:
Attac Germany, as the organizer, expressly prohibits the storage, forwarding, or processing of personal data from the events we realize on BBB. This includes video and audio recordings, as well as written statements in the chat.
In the event that the organizer wishes to make recordings themself, they must obtain the consent of all participants. This consent must be given in writing, in the chat or in the notes.

C) Further information on data protection at BiKoop e.V.
BiKoop e.V. does not store any personal data, except for those processes that explicitly require it, and even then only with your consent (donate, become a member, send info, etc.), or within the framework of legal requirements. If you actively provide us with personal data, your data will be stored, the storage will be in electronic form in a protected database on protected servers.
Only individual BiKoop e.V. employees have access to the personal data. The data will only be used for the purposes stated by the users. BiKoop e.V. does not create any user profiles.
All personal data is transferred via an SSL connection by default. SSL guarantees secure and encrypted data transmission that is not accessible from the outside (recognizable by the "s" in "https://" in the address line of the web browser). For e-mails, we cannot guarantee the security of the data sent on the transmission path.

BiKoop website
To analyze the use of the BiKoop website, we use Piwik (Matomo), an open source web analytics service that we run on our own secured server. Our analysis program uses so-called cookies - text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is stored only on our server. We use this information exclusively to evaluate the use of our website in pseudonymized form. We do not pass on any data to third parties.
Our web hoster does not store any data from the users of our websites.
For the search function on the BiKoop website, we use a specially developed search engine that does not store any user data (IP address, browser, time, etc.).

External web services
We use the provider YouTube (Google) / Google to embed videos. Normally, when you call up a page with embedded videos, your IP address is already sent to YouTube and cookies are installed on your computer. However, we have embedded our YouTube videos with the extended data protection mode (in this case, YouTube still contacts Google's Double Klick service, but according to Google's privacy policy, personal data is not evaluated in the process). This means that YouTube no longer stores information about visitors unless they watch the video. If you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before viewing the video). We have no influence on the use of your data by YouTube. Information about data protection at YouTube can be found in their privacy policy at https://policies.google.com/privacy?hl=en

For the spreading and communication of our topics and content, we also use the news service Twitter. Twitter uses technologies to collect information about users. We have no influence on the use of your data by Twitter. Information about data protection at Twitter can be found in their privacy policy at twitter.com/en/privacy.

We also use Facebook to distribute and communicate our topics and content. Facebook uses technologies to collect information about users. We have no influence on the use of your data by Facebook. For information about Facebook's privacy policy, please see their privacy policy at https://www.facebook.com/privacy/explanation.

For webinars that cannot be conducted through our Big Blue Button server due to event size or organizational reasons, we use ClickMeeting. ClickMeeting uses technology to collect information about users. We have no control over ClickMeeting's use of your data. For information about ClickMeeting's privacy practices, please see their privacy policy at https://clickmeeting.com/en/legal.

Right of access and contact details
You have a comprehensive right to information regarding the personal data we have stored about you at any time, as well as the right to have incorrect data corrected, blocked or deleted.
If you wish to receive information about your personal data or its correction or deletion, or if you have further questions about the use of your personal data provided to us, please contact: webadmin[at]attac.de

Frankfurt, February 10, 2022

BiKoop e.V.
c/o Rhony Bajohr
Michaelisstr. 26
99084 Erfurt
Phone:: +49 69 900 281 -10
fax: +49 69 900 281-99
E-mail: info@bikoop.de
Web: www.bikoop.de

Please send general inquiries to info@bikoop.de

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
fe_typo_user	Assigns your browser to a session on the server.	missing translation: duration.	missing translation: type.	Website

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo