Privacy Policy

Preamble
We, the Free Evangelical Church of Göttingen, thank you for visiting our website. As a church, the secure handling of your data is particularly important to us. The Free Evangelical Church of Göttingen is a member of the Federation of Free Evangelical Churches (BFeG) in Germany (KdöR). The websites (http://feg.de) and the FeG Göttingen website are therefore not subject to the EU GDPR. Instead, the Data Protection Regulations of the Federation of Free Evangelical Churches in Germany (KdöR) (DSO-FeG:http://www.datenschutz.feg.de) apply.

We would therefore like to provide you with detailed information about the data controller and how your data is used when you visit our website:

1. Definitions
a)“personal data”means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

(b)“special categories ofpersonaldata”means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation;

(c)“processing”means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction;

(d)“recipient”means a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether or not that entity is a third party;

(e)“third country”means a country that is not a member of the European Union;

(f)“Federal body” meansa congregation that is a member of the Federation of Free Evangelical Congregations, a branch of the Federation, an institution, a federal division, a federal committee, or an organ of the Federation;

(g)“controller”means a federal agency that, alone or jointly with others, determines the purposes and means of the processing of personal data;

(h)“processor”means a natural or legal person, or—if the controller is part of another legal entity—a federal agency that processes personal data on behalf of the controller;

(i)“Third party”means a natural or legal person, public authority, local government, or body other than the data subject, the controller, the processor, and the persons authorized to process personal data under the direct authority of the controller or the processor; public authorities as defined in Section 2 of the Federal Data Protection Act (BDSG).

(j)“Anonymization”means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject or can be attributed to an identified or identifiable individual only with a significant amount of time, cost, and effort;

(k)“pseudonymization”means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;

(l)“File system”means any structured collection of personal data accessible according to specific criteria, regardless of whether that collection is managed centrally, decentrally, or organized according to functional or geographical criteria;

(m)“Supervisory Body”or “Data Protection Council” means an independent federal agency responsible for overseeing compliance with data protection regulations;

(n)“Federal Data Protection Commissioner”:the data protection officer appointed by the Federal Executive Board (hereinafter also referred to as the “Data Protection Commissioner”);

(o)“Data Protection Officer”:the data protection officer appointed by a federal agency within the scope of responsibility of the controller;

(p)“restriction of processing”means the marking of stored personal data with the aim of limiting its future processing;

q)“Consent”of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

(r)“Data Protection Council”means the federal supervisory body for data protection;

(s)“Conciliation Board”: the body to which disputes regarding data protection between the Data Protection Council and a federal agency may be referred.

2. Data Controller
The data controller within the meaning of the Data Protection Regulations (DSO-FeG) is the Free Evangelical Church of Göttingen (
)
Alfred-Delp-Weg 3a
37085 Göttingen

The Free Evangelical Church of Göttingen is represented by Pastor Simon Hartung. If you have any general questions or comments regarding data protection, please feel free to contact us at any time by phone at 0551-5033900 or by email at datenschutz@feg-goettingen.de.

3. Collection of Data
The website of the Free Evangelical Church of Göttingen collects a range of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the server’s log files. The following may be collected:
a) browser types and versions used,
b) the operating system used by the accessing system,
c) the website from which an accessing system reaches our website (so-called referrer),
d) the subpages accessed via an accessing system on our website,
e) the date and time of access to the website,
f) an Internet Protocol address (IP address),
g) the Internet service provider of the accessing system, and
h) other similar data and information that serve to prevent threats in the event of attacks on our information technology systems.

When using this general data and information, the Free Evangelical Church of Göttingen does not draw any conclusions about the data subject. Rather, this information is required to enable
a) to correctly deliver the content of our website,
b) to optimize the content of our website as well as the advertising for it,
c) to ensure the continued functionality of our information technology systems and the technology of our website, and
d) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.

The Free Evangelical Church of Göttingen therefore uses this anonymously collected data and information for statistical purposes and to enhance data protection and data security within our church community, with the ultimate goal of ensuring the highest possible level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by data subjects.

4. Legal or contractual requirements regarding the provision of personal data; necessity for the conclusion of the contract; the data subject’s obligation to provide personal data; Possible consequences of non-provision
We inform you that the provision of personal data is in some cases required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contracting party). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which we must subsequently process. For example, the data subject is obligated to provide us with personal data when our parish enters into a contract with them. Failure to provide the personal data would result in the contract with the data subject not being able to be concluded. Before providing personal data, the data subject must contact our Data Protection Officer or the data controller of our parish. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

5. What data is collected and stored?
You do not need to provide any personal data to visit our website. Personal data consists of specific information regarding the personal and factual circumstances of an identified or identifiable individual (see Section 3(1) DSO-FeG), i.e., data that allows conclusions to be drawn about a person. We collect or store this data only if you voluntarily provide it to us, for example, when contacting us via the contact form.

When you use a contact form, we collect the following information:

• Name
• Address (if required by law)
• Date of birth
• Email address
• Phone number
• Your inquiry
• documents you have submitted that contain personal data

Personal data provided voluntarily is collected, stored, and processed solely for the purpose of establishing contact. Your data will not be disclosed to third parties. Naturally, we ensure that the use of your data complies with the data protection regulations of the DSO-FeG.

6. Use of Cookies
Our website uses cookies. “Cookies” are small text files that are stored on your computer. They make it easier to use websites. When using cookies, there is generally a risk that your browsing behavior on the website can be tracked and user profiles created. Nevertheless, we also use “cookies” on our website because they make using the site more convenient and certain website functions cannot be performed otherwise. After you close your browser, most of the cookies we use are deleted from your hard drive (“session cookies”). So-called “persistent cookies,” on the other hand, remain on your computer and allow us to recognize you on your next visit.

However, you still have the option of preventing cookies from being stored on your computer by changing the relevant settings in your browser. Please note, however, that this may result in limited functionality on our website.

7. Use of Google Analytics for Web Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”), on our website. Google Analytics uses “cookies,” which are text files stored on your computer that enable an analysis of your use of the website.

The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the United States and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website and internet usage.

Google may also transfer this information to third parties where required by law or where such third parties process the data on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do so, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes described above.

You may object to the collection and storage of your data at any time, with effect for the future. In light of the discussion surrounding the use of analytics tools with full IP addresses, we would like to point out that, in order to prevent direct personal identification, IP addresses are only processed in truncated form on this website, as we use Google Analytics with the “_anonymizeIp()” extension.

You can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as from processing this data, by downloading and installing the browser plug-in available at the following link:https://link.feg.de/dsogaoptout. The terms of use and privacy policies of Google and Google Analytics can be found athttps://link.feg.de/dsogdenbandhttps://link.feg.de/dsoganb, respectively.

8. Use of Google Web Fonts and Google Maps
Some of our pages contain embedded fonts and maps (Google Maps) provided by Google Inc. Simply visiting a page on our website that includes Google Fonts or Google Maps does not result in the transmission of any personal data, with the exception of the IP address. The IP address is transmitted to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). By using this website, you consent to the collection, processing, and use of automatically collected data as well as data you enter by Google, its representatives, or third-party providers.

The Terms of Service for Google Maps can be found at Terms of Service for Google Maps (https://link.feg.de/dsogmaps). For more information, visit the Google Privacy Center athttps://link.feg.de/dsogdenb(Transparency and Choices, and Privacy Policy).

9. Statistical Analysis with MATOMO
This website uses MATOMO (formerly Piwik), an open-source software for statistical analysis of visitor traffic. Piwik uses so-called “cookies,” text files that are stored on your computer and enable an analysis of your use of the website. When individual pages of our website are accessed, the following data is collected and stored:
a) Two bytes of the IP address of the user’s accessing system
b) The webpage accessed
c) The website from which the user accessed the webpage (so-called referrer)
d) The subpages accessed from the webpage
e) The duration of the visit to the website
f) The frequency of visits to the website

The information generated by the cookie regarding your use of this website is stored on our website’s servers in Germany / within the European Union. The IP address is anonymized immediately after processing and before storage (reduced to two bytes; see above). The data is not shared with third parties. You can prevent the installation of cookies by adjusting your browser settings accordingly. However, please note that in this case, you may not be able to use all features of this website to their full extent.

For more information on data protection in MATOMO, please visit:https://link.feg.de/dsomatomodatenschutz

Here, you can choose whether to allow a unique web analytics cookie to be stored in your browser, enabling the website operator to collect and analyze various statistical data. If you prefer not to allow this, click the following link to set the MATOMO opt-out cookie in your browser. Your visit to this website is currently being tracked by MATOMO web analytics. Click here to stop your visit from being tracked.

10. Social Media
In addition to this website, we also maintain a presence on various social media platforms (see Legal Notice). If you visit one of these platforms, personal data may be transmitted to the social media provider. In addition to storing the data you specifically enter on that social media platform, the social media provider may also collect, process, or use additional information.

In addition, the social network provider may collect, process, and use key data from the computer system you are using to access the site—such as your IP address, the type of processor, and the browser version, including any plug-ins.

If you are logged in to your personal account on a social media platform while visiting our website, that platform may associate your visit with your account. If you do not want this to happen, you must log out of your account before visiting our website.

For information regarding the purpose and scope of data collection by the respective social network, as well as the further processing and use of your data on that platform and your rights in this regard, please refer to the respective terms and conditions of the social network in question:

Facebook(https://link.feg.de/dsofbdatenschutz)
YouTube(https://link.feg.de/dsogdatenschutz)
Instagram(https://link.feg.de/dsoinstdatenschutz)

11. Links
Our website may contain links to third-party websites. Since we have no control over these websites, we recommend that users review the privacy policies posted on those sites. We assume no responsibility for the content of the linked sites.

12. Newsletter
Our monthly newsletter, the alumni newsletter, and emails to members and friends of the congregation contain information about upcoming events and current announcements for our congregation. We use the Churchtools service for this purpose.

13. ChurchTools
As FeG Göttingen, we have many groups and circles to manage. In addition, the church’s various events require a significant amount of organizational effort. To manage this effectively, our church uses ChurchTools (CT). CT is a web application used for managing members, friends, and alumni, as well as organizing events for the church and its groups.

CT also stores the contact information (name, address, phone number, email, etc.) of members, friends, and alumni of the congregation. In addition, it stores group affiliations to facilitate notifications (emails) and similar communications. Information subject to the confidentiality of pastoral care is not stored in CT. A separate technical system (Optigem) is used for financial and donation accounting.

Personal data of members’ minor children is stored if provided by their parents. Personal data of non-members (typically friends or former members of the congregation) is stored if they consent to the storage of their data (use of a contact card, written declaration) or if storage is required by law or by a regulation of the Federation of Free Evangelical Congregations (KdöR).

CT makes contact information available to members under the heading “Member and Friends List.” Members who agree to respect data privacy are granted access to this Member and Friends List (last name, first name, email address, phone numbers, birthdays, mailing address). Friends are granted limited access to this list provided they are involved in a community work group. The declaration to respect data privacy is also a prerequisite for receiving a printed list of members.

The contact information for members, friends, and alumni—whether from CT or the printed membership directory—is intended for internal use only. It is intended to facilitate communication within the congregation.

You may not simply share the information on this list with people outside the church. This includes Christian organizations or members of other churches. If you wish to share contact information, you must first obtain permission from the person whose contact information you are sharing.

If you would like to know exactly what information we have stored about you, you can contact theData Protection Officer. 

14. Parish App (Communi)
As a municipality, we use an app provided by Communi. Communi only stores data that users voluntarily provide themselves. This includes data such as their conversations, their IP address, and the events, offers, requests, and recommendations they create. This data is collected solely to ensure the app functions properly and for statistical analysis. All data is always linked only to the username you choose during registration. When you visit this site, the web server also automatically records log files that cannot be attributed to any specific person.   

Under applicable law, you may contact us in writing at any time to inquire whether we have stored any personal data about you and, if so, what data we have stored. You may also request the deletion of your data at any time. To do so, please send an email to datenschutz@communiapp.de. Before using the app, you must accept the app’s Terms of Use and Privacy Policy. You will be prompted to do so after installing the app. Please also observe netiquette. 

15. Embedded videos from external websites
Some of our pages contain embedded content from YouTube or Instagram. Visiting one of these pages does not result in the transmission of personal data to the service provider, with the exception of the IP address. In the case of YouTube, the IP address is transmitted to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and in the case of Instagram, to Instagram Inc., 181 South Park Street, Suite 2, San Francisco, CA 94107, USA.

15. Data Security
We protect our website and other systems against the loss, destruction, unauthorized access, alteration, or disclosure of your data through technical and organizational measures. Despite regular checks, it is not possible to provide complete protection against all risks.

This website uses the industry-standard SSL (Secure Sockets Layer) encryption in certain areas. This ensures the confidentiality of your personal information when transmitted over the Internet.

16. Updating/Deleting Your Personal Data
You may review, change, or delete the personal data you have provided to us at any time by sending an email to datenschutz@feg-goettingen.de. If you are a member, you can also opt out of receiving further information in the future.

You also have the right to withdraw any consent you have previously given at any time, with effect for the future. The stored personal data will be deleted if you revoke your consent to its storage. The data controller processes and stores the data subject’s personal data only for the period necessary to achieve the purpose of storage or to the extent provided for by the European legislator or another legislator in laws or regulations to which the data controller is subject.

If the purpose of storage no longer applies or if a retention period prescribed by European directives and regulations or by another competent legislative body expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

17. Rights of Data Subjects
Every data subject has the right to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact our Data Protection Officer or another employee of the controller at any time.

Any individual whose personal data is being processed has the right to obtain, at any time and free of charge, information from the controller regarding the personal data stored about them, as well as a copy of that information. Furthermore, there is a right to information regarding the following details (Section 11 DSO-FeG): the purposes of processing; the categories of personal data; the recipients to whom the personal data has been disclosed; if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration; the existence of a right to rectification or erasure of the personal data concerning them or to restriction of processing by the controller, or a right to object to such processing; the existence of a right to lodge a complaint with the Data Protection Council; information regarding the origin of the data.

If a data subject wishes to exercise this right of access, they may contact our Data Protection Officer or another employee of the data controller at any time.

Any data subject affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them (Section 12 DSO-FeG). Furthermore, the data subject has the right to request the completion of incomplete personal data—including by means of a supplementary statement—taking into account the purposes of the processing (Section 12(2) DSO-FeG). If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or another employee of the controller at any time.

Any individual whose personal data is being processed also has the right to request that the controller erase their personal data without delay, provided that one of the following grounds applies and the processing is not necessary: The personal data was collected or otherwise processed for purposes for which it is no longer necessary.

The data subject withdraws their consent (Section 6(3) DSO-FeG), on which the processing was based pursuant to Section 6(1) DSO-FeG or Section 8(2)(a) DSO-FeG, and there is no other legal basis for the processing.

The data subject has objected to the processing pursuant to § 16(1) of the DSO-FeG, and there are no overriding legitimate grounds for the processing.

The personal data was processed unlawfully.

The erasure of personal data is necessary to comply with a legal obligation under canon law, Union law, or the law of the Member States to which the controller is subject.

If any of the above reasons apply and a data subject wishes to request the deletion of personal data stored by the Free Evangelical Church of Musterstadt, they may contact our Data Protection Officer or another employee of the data controller at any time. The data controller will then ensure that the request for deletion is complied with without delay.

If the Free Evangelical Church of Göttingen has made personal data public and, as the data controller pursuant to § 13(1) DSO-FeG, is obligated to erase such personal data, the Free Evangelical Church of Göttingen shall take appropriate measures, taking into account available technology and implementation costs, including technical measures, to inform other data controllers who process the published personal data that the data subject has requested that these other data controllers delete all links to this personal data or copies or replicas of this personal data, provided that the processing is not necessary. The Data Protection Officer of the Free Evangelical Church of Göttingen or another staff member will take the necessary steps on a case-by-case basis.

Pursuant to Section 14 of the DSO-FeG, any individual whose personal data is being processed has the right to request that the controller restrict the processing if any of the following conditions are met:

The data subject disputes the accuracy of the personal data for a period of time that allows the controller to verify the accuracy of the personal data.

The processing is unlawful, the data subject objects to the erasure of the personal data, and instead requests that the use of the personal data be restricted.

The controller no longer needs the personal data for the purposes of processing, but the data subject needs it to establish, exercise, or defend legal claims.

The data subject has lodged an objection to the processing pursuant to § 16(1) of the DSO-FeG, and it has not yet been determined whether the legitimate grounds of the controller outweigh those of the data subject.

If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored by the Free Evangelical Church of Musterstadt, they may contact our Data Protection Officer or another employee of the data controller at any time. The data controller will then arrange for the processing to be restricted.

Any data subject whose personal data is being processed has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to § 5(1)(a) DSO-FeG or § 8(2) DSO-FeG or on a contract pursuant to § 5(1)(b) DSO-FeG, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Any data subject affected by the processing of personal data has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them that is carried out pursuant to Article 5(2)(e), (f), or (g) of the DSO-FeG. This also applies to profiling based on these provisions.

In the event of an objection, the Free Evangelical Church of Göttingen will no longer process personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or that the processing is necessary for the establishment, exercise, or defense of legal claims.

If the Free Evangelical Church of Göttingen processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to the Free Evangelical Church of Musterstadt regarding processing for direct marketing purposes, the Free Evangelical Church of Musterstadt will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her that is carried out by the Free Evangelical Church of Musterstadt for scientific or historical research purposes or for statistical purposes pursuant to § 13(3)(4) DSO-FeG, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact the Data Protection Officer of the Free Evangelical Church of Göttingen or another staff member directly.

Any individual whose personal data is being processed has the right not to be subject to a decision based solely on automated processing —including profiling—that produces legal effects concerning them or similarly significantly affects them, provided that the decision
a) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or
b) is permitted under the laws of the Federation of Free Evangelical Churches in Germany (KdöR), the European Union, or the Member States to which the controller is subject, and such legal provisions include appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, or
c) is based on the explicit consent of the data subject.

If the decision
a) is necessary for the conclusion or performance of a contract between the data subject and the controller, or
b) is made with the data subject’s explicit consent, the Free Evangelical Church of Göttingen shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which shall include, at a minimum, the right to request human intervention by the controller, to present one’s own point of view, and to challenge the decision.

If the data subject wishes to exercise rights related to automated decision-making, they may contact our Data Protection Officer or another employee of the data controller at any time.

Any individual whose personal data is being processed has the right to withdraw their consent to the processing of their personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact our Data Protection Officer or another employee of the data controller at any time.

18. Legal basis for processing
§ 5(2) DSO-FeG serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party—as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration—the processing is based on § 5(2)(d) DSO-FeG. The same applies to processing operations necessary for the implementation of pre-contractual measures. If we are subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Section 5(2)(d) of the DSO-FeG. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance information, or other vital information subsequently had to be disclosed to a doctor, a hospital, or other third parties. In such cases, the processing would be based on § 5(2)(e) DSO-FeG. Finally, processing operations may be based on § 5(2)(f) through (h) DSO-FeG. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary to safeguard a legitimate interest of our parish or a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject do not take precedence. The same applies to processing necessary for the performance of a task carried out in the interest of the Federal Government or for journalistic and editorial purposes of the Federal Government.

19. Notification of Changes
Changes in the law or in our internal processes may require us to update this Privacy Policy. In the event of such a change, we will notify you at least six weeks before it takes effect. You generally have the right to withdraw your consent (No. 20). Please note that (unless you exercise your right of withdrawal) the currently valid version of the Privacy Policy is the one that applies.

19. Your data protection officer or contact person:
If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request access to, correction, deletion, or blocking of your data, revoke consent you have given, or object to a specific use of your data, please contact (our data protection officer) directly:

Pastor Simon Hartung
datenschutz@feg-goettingen.de
Phone: 0551 5033900.

As of July 26, 2024