The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
back-for-good.de, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone. Definitions of Terms
We use the following terms in this privacy statement, among others:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Person affected
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
d) Limitation of processing
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures designed to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Person responsible or person responsible for the processing
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller may be designated in accordance with Union law or with the law of the Member States, or the specific criteria for his designation may be laid down.
h) Order processor
Processor means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be considered as recipients.
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorised to process the personal data.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in a particular case, in the form of a statement or other unequivocal affirmative act, indicating that he or she consents to the processing of his or her personal data.
Name and address of the controller
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the Data Protection Commissioner:
Lückhoff Street, 24
E-Mail: contact [at] back-for-good.de
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files which are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- operating system used
- Referrer URL
- host name of the accessing computer
- Time of the server request
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
If you send us enquiries via the contact form, your details from the enquiry form including the contact data you provided there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected. We use these data exclusively for the dispatch of the requested information and do not pass them on to third parties.
You can revoke your consent to the storage of data, e-mail address and their use to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter.
On this page the PlugIn WP YouTube Lyte is used. This means that you will only see a preview image in the posts in which videos are embedded. This means that by simply visiting a page where videos are embedded, no personal data is passed on to another platform. If you then want to watch the video with one click, your data will be recorded according to the respective specifications of the respective platform.
For example, if you are logged in to your YouTube account, you can enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
Right to information, deletion, blocking
You have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing as well as a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of personal data.
routine deletion and blocking of personal data
The controller shall process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or where provided for by the European directive and regulation maker or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European directive and regulation giver or another competent legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the statutory provisions.
Rights of the person affected
a) Right to confirmation
Every data subject shall have the right, granted by the European directive and regulation maker, to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.
b) Right to information
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to obtain at any time, free of charge, from the controller, information on the personal data relating to him which have been stored and a copy of that information. In addition, the European legislator has provided the data subject with the following information:
- the processing purposes
- the categories of personal data that will be processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to rectify or erase personal data concerning him or her or to have the processing limited by the controller or to object to such processing
- the existence of a right of appeal to a supervisory authority
- when the personal data is not collected from the data subject: All available information on the origin of the data
- the existence of automated decision making including profiling in accordance with Article 22(1) and (4) of the DS Block Exemption Regulation and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
the recipients or categories of recipients to whom the personal data have been or will be disclosed
the existence of a right to rectify or erase personal data concerning him or her or to object to such processing
the existence of a right to appeal to a supervisory authority
the existence of an automated decision making system including profiling in accordance with Article 22(1) and (4) of the DS Block Exemption Regulation and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may at any time contact an employee of the controller.
c) Right to rectification
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to request the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact an employee of the controller for this purpose.
d) Right to deletion (right to be forgotten)
Any person data subject to the processing of personal data shall have the right, granted by the European directive and regulation, to require the controller to erase without delay personal data concerning him which are subject to one of the following conditions and to the extent that the processing is not necessary:
- The personal data have been collected for such purposes or processed in any other way for which they are no longer necessary.
- The data subject shall revoke the consent on which the processing was based pursuant to Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO and there is no other legal basis for the processing.
- The data subject objects to the processing under Art. 21 para. 1 DS-GVO and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Art. 21 para. 2 DS-GVO.
- The personal data have been processed unlawfully.
- The deletion of personal data is necessary in order to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data were collected in relation to information society services offered in accordance with Art. 8 para. 1 DS-GVO.
If one of the above reasons applies and a person concerned wishes to have personal data stored at back-for-good.de deleted, he or she can contact an employee of the data controller at any time. The employee of back-for-good.de will arrange for the deletion request to be complied with immediately.
If back-for-good.de has made the personal data public and our company, as the person responsible, is obliged to delete the personal data pursuant to Art. 17 Para. 1 DS-GVO, back-for-good.de will do so.de, taking into account the available technology and implementation costs, reasonable measures, including technical measures, to inform other data controllers who process the personal data disclosed, that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, insofar as the processing is not necessary. The employee of back-for-good.de will take the necessary steps in individual cases.
e) Right to restrict processing
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation, to request the controller to limit the processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject for a period of time which allows the data controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data.
- The data controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal claims.
- The data subject has lodged an objection against the processing pursuant to Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If one of the above conditions is met and a person concerned wishes to request the restriction of personal data stored at back-for-good.de, he or she can contact an employee of the data controller at any time. The employee of back-for-good.de will initiate the restriction of the processing.
f) Right to data transferability
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation, to obtain personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. It shall also have the right to communicate such data to another controller without interference from the controller to whom the personal data have been provided, provided that the processing is based on the consent referred to in Article 6(1)(a) DS Block Exemption Regulation or Article 9(2)(a) DS Block Exemption Regulation or on a contract referred to in Article 6(1)(b) DS Block Exemption Regulation and that the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising his right to data transferability pursuant to Art. 20 (1) DS-GVO, the data subject shall have the right to obtain that the personal data be transferred directly from one responsible person to another responsible person, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.
In order to assert the right to data transfer, the person concerned may at any time contact an employee of back-for-good.de.
g) Right of appeal
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation maker, to object at any time, for reasons related to his/her particular situation, to the processing of personal data concerning him/her on the basis of Article 6(1)(e) or (f) of the DS Block Exemption Regulation. This also applies to profiling based on these provisions.
back-for-good.de will no longer process personal data in the event of objection, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
If back-for-good.de processes personal data in order to conduct direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling in so far as it is related to such direct marketing. If the person concerned objects to back-for-good.de processing the data for the purposes of direct marketing, back-for-good.de will no longer process the personal data for these purposes.
Furthermore, the data subject has the right to object to the processing of personal data concerning him/her by back-for-good.de for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DS-GVO for reasons arising from his particular situation, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right of objection, the person concerned may directly contact any employee of back-for-good.de or another employee. The data subject shall also be free to exercise his right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h) Automated decisions in individual cases, including profiling
Any person data subject to the processing of personal data has the right under the European Directive and Regulation not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorised by Union or national law or by the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.
If (1) the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) it is taken with the express consent of the data subject, back-for-good.de shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain the intervention of a data subject from the data controller, to present his or her point of view and to contest the decision.
If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time do so by contacting an employee of the controller.
i) Right to revoke a data protection consent
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time do so by contacting an employee of the controller.
The data controller has integrated Jetpack into this website. Jetpack is a WordPress plug-in which offers additional functions to the operator of a website based on WordPress. Jetpack allows the website operator, among other things, an overview of the visitors to the site. The display of related articles and publications or the possibility to share content on the site can also increase the number of visitors. In addition, security features are built into Jetpack so that a web page using Jetpack is better protected against brute force attacks. Jetpack also optimizes and accelerates the loading of the images integrated on the website.
The operating company of the jetpack plug-in for WordPress is Automattic Inc. 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc. 201 Third Street, San Francisco, CA 94103, USA.
Jetpack places a cookie on the data subject’s information technology system. What cookies are has already been explained above. Each time one of the individual pages of this Internet site is accessed, operated by the data controller and on which a Jetpack component has been integrated, the Internet browser on the data subject’s information technology system is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis purposes. As part of this technical process, Automattic obtains knowledge of data that is subsequently used to create an overview of Internet site visits. The data thus obtained shall be used to analyse the behaviour of the data subject who has accessed the website of the data controller and shall be evaluated with a view to optimising the website. The data collected through the Jetpack component will not be used to identify the data subject without the prior express consent of the data subject. The data will also be made known to Quantcast. Quantcast uses the data for the same purposes as Automattic.
The person concerned can prevent the setting of cookies by our website at any time, as described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Automattic can be deleted at any time via the Internet browser or other software programs.
Furthermore, the person concerned has the possibility to object to and prevent the collection of data generated by the Jetpack cookie and related to the use of this website and the processing of this data by Automattic/Quantcast. To do this, the person concerned must press the opt-out button under the link https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the person concerned. If the cookies on the system of the person concerned are deleted after an objection, the person concerned must call up the link again and set a new opt-out cookie.
With the setting of the opt-out cookie, however, it is possible that the Internet pages of the data controller may no longer be fully usable by the data subject.
Data protection regulations for the use of Shariff
The data controller has integrated the Shariff component on this website. The Shariff component provides social media buttons that comply with data protection regulations. Shariff was developed for the German computer magazine c’t and is published by GitHub, Inc.
Developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.
Usually, the button solutions provided by the social networks already transfer personal data to the respective social network when a user visits a website in which a social media button has been integrated. By using the Shariff component, personal data is only transmitted to social networks if the visitor to a website actively presses one of the social media buttons. Further information on the Shariff component can be found in the computer magazine c’t at http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html . The use of the Shariff component has the purpose of protecting the personal data of visitors to our website and at the same time enabling us to integrate a button solution for social networks on this website.
Further information and the valid data protection regulations of GitHub can be called up under https://help.github.com/articles/github-privacy-policy/
Use of Web Fonts
The use of these web fonts is due to increased design and performance interest according to Article 6 1 f DSGVO.
Legal basis of the processing
Art. 6 I lit. a DS-GVO serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business was injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO.
Ultimately, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 DS Block Exemption Regulation).
Any legitimate interest in the processing that is being pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the conduct of our business for the benefit of all our employees and shareholders.
Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data will be routinely deleted unless they are no longer required for the fulfilment or initiation of the contract.
Legal or contractual provisions governing the provision of personal data; necessary for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-availability
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner).
Sometimes it may be necessary for a contract to be concluded that a person concerned makes personal data available to us which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data when our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject.
Before the data subject provides personal data, the data subject must contact one of our employees. Our employee informs the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the non-availability of the personal data would have.
Existence of automated decision making
As a responsible company, we refrain from automatic decision-making or profiling.