Data protection and privacy

I. General information and contact persons

Welcome to our website! Data protection is not only a legal necessity for us, but a matter of course. With the following information, we would like to inform you in accordance with the legal regulations about what happens to your personal data when you visit our website. Personal data is all data that can be assigned to you as an identified or identifiable person. The controller responsible for the processing of personal data in connection with your visit to this website is

Name and contact details of the person responsible:
ME/CFS Research Foundation gGmbH
Ballindamm 27
DE - 20095 Hamburg
E-Mail: datenschutz@mecfs-research.org

Further contact information can be found in the provider identification ("Imprint") on our website.

In accordance with the statutory provisions, the controller is not obliged to appoint a company data protection officer. This data protection declaration applies to the websites via which it is made available for retrieval. For other websites and services, the data protection information provided there applies.

II Processing of your data

When you use our website, various personal data are processed:

1. provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the accessing computer:

Information about the browser type and version used
The user's operating system
The HTTP response code
The number of bytes transferred
The IP address of the user
Date and time of access
Websites from which the user's system accesses our website
Websites that are accessed by the user's system via our website

Temporary storage of the IP address is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files serves to ensure the functionality of the website. In addition, we use the data to optimize these Internet offers and to ensure the security of our information technology. The data is not analyzed for marketing purposes in this context.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case at the end of the usage process. If the data is stored in log files, this is the case after fourteen days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the European General Data Protection Regulation (GDPR), whereby our legitimate interest is the proper provision of the functions of this website, the evaluation of access information with the aim of eliminating and preventing technical faults and the prevention and tracking of security incidents.

2. Cookies

This website uses cookies and similar technologies. Cookies are small text files that are stored by the Internet browser on the user's end device. A cookie usually contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies are used to make the website more user-friendly, to optimize the functions and services of the website and to provide you with content tailored to your needs.

The purpose of using technically necessary cookies is to enable and simplify the use of the website. Some functions of this website cannot be offered without the use of cookies.
The user data collected by technically necessary cookies is not used to create user profiles. In addition, with your separate consent, cookies may be used to provide external media such as films and maps and to analyze the use of the website.

The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not merged with other personal data of the user.
You can deactivate or restrict the use of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all functions of the website to their full extent.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest of the controller is the secure, stable and efficient provision of the functions of the website and the information that can be accessed via it. If the controller fulfills a contractual obligation towards you with the respective function, for example participation in a digital event booked by you, the legal basis is Art. 6 para. 1 lit. b) GDPR. If we use cookies that are not technically necessary for the provision of functions or for other purposes, the legal basis for the processing of personal data in connection with these cookies is Art. 6 para. 1 lit. a GDPR in conjunction with your consent.

3. plugins and tools

This website does not currently use any tools to evaluate user behavior.

4. Links

Our website contains links to third-party websites as well as options for sharing or recommending content from our website via social networks. The respective data protection declarations and data protection notices of the respective operators of the linked websites apply. We would like to point out that we are not responsible for data processing practices on third-party platforms outside our own sphere of influence. The data protection information and terms of use of the respective service provider apply.

5. inquiries/donations/transactions

In addition to the purely informational use of our offers, you can send us questions, other messages and donations. To do so, you must generally provide further personal data, which we process in order to process your request and respond to your inquiries as well as to fulfill contracts concluded with you and to which the aforementioned data processing principles apply. In addition, we use personal data to the extent necessary to fulfill our legal obligations, for example to comply with our documentation and retention obligations under tax or commercial law.

The data will only be passed on to third parties if and to the extent that this is necessary to fulfill our contractual obligations towards you (Art. 6 para. 1 sentence 1 lit. b) GDPR) or if the transfer of your data is necessary for the appropriate and efficient processing of your request or to answer your inquiry, whereby our legitimate interests within the meaning of the legal basis of Art. 6 para. 1 lit. f) GDPR exist in these objectives.

The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR if consent has been given. If the processing serves the fulfillment of a contract to which the data subject is a party or the implementation of pre-contractual measures, the legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR. This applies in particular to the processing of donations. If we process personal data in order to process non-contractual requests or inquiries or to respond appropriately to reviews, we do so for the purpose of optimal and efficient communication with you as well as for the appropriate evaluation and commenting of reviews and to improve our customer service, to optimize and tailor our offers to your needs, to maintain the customer relationship and also to clarify and resolve technical problems. The aforementioned purposes constitute our legitimate interests within the meaning of the legal basis of Art. 6 para. 1 lit. f GDPR. If we fulfill a legal obligation incumbent on us with the processing of your personal data, the legal basis is Art. 6 para. 1 lit. c GDPR.

In addition, we reserve the right to process personal data in individual cases if this is necessary, for example, for the purpose of prosecuting abusive or fraudulent activities, for tracking and rectifying functional or security problems. The aforementioned purposes then constitute our legitimate interest within the meaning of the legal basis of Art. 6 para. 1 lit. f GDPR.

https://www.paypal.com/donate/?hosted_button_id=MB3T763YDGPNQ
For donations via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.
Further data protection information, including information on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Stripe
If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provide during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation

6. newsletters and e-mail messages

With your consent, you can subscribe to our newsletter, which we use to inform you about our latest news. The advertised services and benefits are named in the declaration of consent.

We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter.

The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint. After revocation, this personal data will be deleted by the controller.

7. SSL or TLS encryption

In the case of unencrypted data transmissions on the Internet (e.g. unencrypted communication by email), the confidentiality of the transmitted data cannot be fully guaranteed. This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator.

You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

III. Your rights

You have the right at any time, within the scope and in accordance with the statutory provisions, to

to withdraw the consent you have given us to process your personal data at any time or to object to the processing of your data.
to receive information about your data stored by us.
that incorrect data about you is corrected by us.
that data about you that is no longer required will be deleted.
that the processing of your data is restricted under certain conditions; this may be the case, for example, if deletion is not possible but the data may not be processed further.
that your data is transferable; this right applies in particular if you have given your consent to the processing of your data or if the processing of the data is necessary to fulfill a contract. The right to data portability does not exist insofar as your data is not processed automatically.

To exercise your rights, please use the contact details provided in the introduction to this privacy policy.

If you are of the opinion that the processing of your data violates the legal requirements, you can also lodge a complaint with the supervisory authority responsible for us.

We would like to point out that in certain cases we may request additional information from you in order to establish your identity. This is the only way we can ensure that information is not disclosed to unauthorized persons, for example when providing information.

IV. Data protection for applications and in the application process

We process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted four months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of personal data of applicants is § 26 of the Federal Data Protection Act (BDSG) in conjunction with Art. 6 para. 1 lit. b, 88 GDPR, furthermore, insofar as the processing is carried out to fulfill legal requirements, Art 6. para. 1 lit. c GDPR and, insofar as the consent of the data subject is the basis of the processing, Art. 6 para. 1 lit. a GDPR in conjunction with § 26 BDSG.

V. Service provider

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

VI Storage period

Unless otherwise stated in the respective individual information, we process personal data in accordance with the statutory provisions only for the purposes described here and only for as long as personal identification of the data subject is required for the respective purpose. The data will then be deleted or neutralized/anonymized in accordance with data protection regulations.