Bestwig mountain monastery

Space & peace
Space & peace

Privacy policy

The use of our websites is permitted without personal data possible.

  1. All data is protected at the highest level. No matter in whose hands you are in our company. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
  2. This privacy policy is based on the provisions of the General Data Protection Regulation (GDPR), the Ecclesiastical data protection regulations of the religious community under pontifical law (KDR-OG) and the Ordinance on the Implementation of the Ordinance on Ecclesiastical Data Protection in the Religious Community of the Sisters of St Mary Magdalene Postel (KDO-DVO SMMP).
  3. This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as „data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter collectively referred to as „online offering”). With regard to the terms used, such as „processing” or „controller”, we refer to the definitions in Section 4 KDR-OG.

Contents

  1. Types of data processed
  2. Purpose of the processing
  3. Terminology used
  4. Personal data
  5. Legal basis for the processing of personal data
  6. Use and disclosure of personal data
  7. Data transfer to a third country
  8. Data erasure and storage duration
  9. Right to information
  10. SSL encryption
  11. Description and scope of data processing
  12. Hazard defence
  13. Cookies
  14. Reach measurement with Piwik/Matomo
  15. Online presence in social media
  16. Social media buttons
  17. Integration of third-party services and content
  18. Google Maps
  19. Google Fonts
  20. Adobe Spark
  21. YouTube
  22. Podcasts
  23. Further documents on data protection

1. types of data processed

  • Inventory data (e.g. names, addresses).
  • Contact details (e.g. e-mail, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Usage data (e.g. websites visited, access times).
  • Meta/communication data (e.g. device information, IP addresses).

2. purpose of the processing

  • Provision of the online offer, its functions and content,
  • Answering contact enquiries and communicating with users,
  • Safety measures,
  • Reach measurement.

3. terms used

„Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

The „controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

4. personal data

Insofar as personal data (in particular name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

If you contact us by Contact form enquiries or messages, these will be sent by e-mail. They are not stored by this web server or this website.

However, your details from the contact form, including the contact details you provide there, will be stored on our e-mail server, which is not connected to this website, for the purpose of processing the enquiry and in the event of follow-up questions, or deleted on request.

You can revoke your consent at any time for the future by sending an e-mail to the recipient of your enquiry or message. The e-mail address of the recipient is indicated under each contact form.

The data transmitted will not be used for direct advertising or other marketing purposes.

5. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Section 6(1)(b) KDR-OG serves as the legal basis.

Section 6(1)(c) KDR-OG serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Section 6(1)(d) KDR-OG serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Section 6 (1) (e) KDR-OG serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Section 6 (1) (g) KDR-OG serves as the legal basis for the processing.

6 Use and disclosure of personal data

If you have provided us with personal data, we will only use it to answer your enquiries, to process contracts concluded with you and for technical administration. This personal data will only be passed on or otherwise transmitted to third parties if this is necessary for the purpose of processing the contract - in particular passing on order data to suppliers - or if this is necessary for billing purposes or if you have given your prior consent. You have the right to revoke your consent at any time with effect for the future.

7. data transfer to a third country

As part of the above-mentioned processing activities, a service provider with its registered office or server location in the United States of America (USA) is involved on the basis of an order processing contract concluded in accordance with Section 29 KDR-OG.

The US company is certified in accordance with the adequacy decision § 40 para. 1 KDR-OG (so-called “EU-US Data Privacy Framework" (DPF)). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with the legal data protection standard for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.

The EU Commission's adequacy decision can be accessed via the EU Commission's website at the following link: Adequacy decision EU-US Data Privacy Framework_en.pdf (europa.eu)

Further information on the certification of service providers can be obtained from the US Department of Commerce: www.dataprivacyframework.gov/s/participant-search

If the service provider is not certified in accordance with the DPF, an appropriate level of data protection for the data transfer is based on the standard data protection clauses approved by the EU Commission in accordance with Section 40 (2) KDR-OG. By applying the standard data protection clauses, compliance with the statutory data protection standard is ensured when transferring data to the service provider.

8 Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

9. right to information

Upon written request, we will be happy to inform you about the personal data stored about you.

10. SSL encryption

Our websites use SSL encryption for security reasons and to protect the transmission of confidential content, in particular the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

11 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  1. Information about the browser type and version used
  2. The user's operating system
  3. Type of end device of the user
  4. The user's internet service provider
  5. The IP address of the user
  6. Date and time of access
  7. Websites from which the user's system accesses our website
  8. Websites that are accessed by the user's system via our websites

The data is also stored in the log files of our system. This does not affect the user's IP addresses or other data that allows the data to be assigned to a user. This data is not stored together with other personal data of the user. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

The legal basis for the temporary storage of data and log files is Section 6(1)(g) KDR-OG.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing in accordance with Section 6(1)(g) KDR-OG.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

12. hazard prevention

To defend against brute force attacks and other attacks on our websites, IP addresses are stored in the database of our editorial system from which the log-in function of the websites is accessed. This constitutes a legitimate interest within the meaning of Section 6(1)(g) KDR-OG.

13. cookies

Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not damage your computer and do not contain viruses. Some of the cookies used on this website are used to integrate external content, while others are used to count visitors.

A cookie is a test cookie (also called a cookie) that is only used to determine whether the user's browser accepts cookies.

One cookie used by this website is the cookie banner cookie, which saves your cookie settings. This cookie (borlabs-cookie) remains stored on your end device until you delete it. It enables us to recognise your browser on your next visit and to avoid having to ask you about your cookie settings again.

Another cookie is the one from Matomo, which is part of our visitor statistics.

This website uses so-called session cookies as soon as a user logs into our editorial system. However, this only affects employees with valid access authorisation.

Where external content such as. YouTube videos are integrated, cookies from the content providers are loaded, which are used to control the playback windows and visitor counting by these content providers.

You can change/revoke your cookie consent for this website at any time by clicking on this button.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases. You can exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

14. reach measurement with Piwik/Matomo

Data is collected and stored on this website on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation purposes in accordance with Section 6(1)(g) KDR-OG. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies can also be used for this purpose. Among other things, they enable the internet browser to be recognised. The information generated by the cookie in the pseudonymised user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. The usage data obtained in this way is not passed on to third parties.

Scope and description of the processing of personal data
We use the web analysis service software Matomo - formerly „Piwik“ - (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, („Matomo“). Matomo stores cookies on your end device that enable us to analyse the use of our website.

The information collected in this way is stored exclusively on our server in Germany, namely the following data:

  • the IP address of the user's accessing system
  • the website called up
  • the website from which the user accessed the website (referrer)
  • the subpages that are accessed from the accessed website
  • the time spent on the website
  • the frequency of visits to the website

IP addresses are further processed in abbreviated form, so that they cannot be directly linked to individuals. The software is set so that the IP addresses are not stored in full, but are masked by 2 bytes of the IP address (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The anonymised IP address transmitted by your browser via Matomo is not merged with other data.

Legal basis for the processing of personal data
The legal basis for the processing of the user's data is Section 6(1)(g) KDR-OG.

Purposes of the processing
We use Matomo to analyse the use of our website in order to find errors, record the number and types of user actions and continuously improve the user experience.

15. online presence in social media

We maintain online presences within the social networks YouTube, Facebook, Instagram and Twitter in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process users' data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.

16. social media buttons

The content on our pages can be shared on social networks such as Facebook, Twitter, Xing or WhatsApp in compliance with data protection regulations. This site uses the Shariff tool for this purpose. This tool only establishes direct contact between the networks and users when the user actively clicks on one of these buttons.

This tool does not automatically transfer user data to the operators of these platforms. If the user is logged in to one of the social networks, an information window appears when using the social buttons of Facebook, Twitter, Xing or WhatsApp, in which the user can confirm the text before sending it.

Our users can share the content of this page on social networks in compliance with data protection regulations without complete surfing profiles being created by the network operators. You can find more information about the plugin and the Shariff solution here: https://de.wordpress.org/plugins/shariff/

17. integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Section 6 (1) (g) KDR-OG), we sometimes use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as „content”).

This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as „web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

18 Google Maps

We integrate the maps of the „Google Maps” service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually in the context of the settings of their mobile devices). Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

19 Google Fonts

This website loads Google Fonts locally from its own server. Where YouTube videos are embedded, the YouTube player still loads fonts from fonts.gstatic.com. So far, we have not seen any way to prevent this.

20 Adobe Spark

Functions and content of the Adobe Spark service, offered by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland, may be integrated into our online offering. By using Adobe Spark Page on this website, data is also transmitted to Adobe - but only when the visitor clicks on an Adobe Spark presentation. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Adobe. Privacy policy of Adobe Spark: https://www.adobe.com/de/privacy.html

The use of Adobe Spark is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Section 6(1)(g) KDR-OG. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Section 6 (1) (b) KDR-OG; the consent can be revoked at any time.

21 YouTube

We use the so-called „extended data protection mode“ of the provider YouTube to embed videos. According to YouTube, no personal information is stored for playbacks of embedded videos with extended data protection. Where YouTube content is used, a cookie (VISITOR_INFO1_LIVE) is used to estimate the available download bandwidth and another (YSC) to create a user ID that is used to control the playback window. This cookie is only valid until the end of the session.

According to YouTube, the extended data protection mode means that YouTube does not store any information about visitors to this website before they watch the video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your end device until you delete them. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

Further information on YouTube's official data protection policy can be found here: https://www.google.de/intl/de/policies/privacy/

Where YouTube videos are shown in a Adobe Spark presentation are not included in the "Extended data protection mode" embedded. Cookies from doubleclick.net are also loaded here. Some of these cookies, which are used for advertising, are intended for users who sign up to use Google services. For example, „SID“ is used to identify a logged-in user on non-Google sites and to store whether the user has consented to personalised advertising. This cookie is valid for 2 weeks. „IDE“ and „NID“ are used for these purposes to display Google adverts on non-Google websites.

The use of YouTube is in the interest of an appealing presentation of our online offering. This constitutes a legitimate interest within the meaning of A§6 para. 1 lit. g KDR-OG. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Section 6 (1) (b) KDR-OG; the consent can be revoked at any time.

Where YouTube videos are included in an Adobe Spark presentation, they are not included in the "Extended data protection mode" embedded. Cookies from doubleclick.net are also loaded here. Some of these cookies, which are used for advertising, are intended for users who sign up to use Google services. For example, „SID“ is used to identify a logged-in user on non-Google sites and to store whether the user has consented to personalised advertising. This cookie is valid for 2 weeks. „IDE“ and „NID“ are used for these purposes to display Google adverts on non-Google websites.

22. podcasts

Podcasts offered on some of our websites are hosted by the company Castos, 1209 North Orange Street, Wilmington, Delaware 19801, USA, hosted. Privacy policy of Castos: castos.com/privacy

23 Further documents on data protection

Data Protection Officer

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU member states as well as other data protection regulations is

SMMP Europa e.V.
Sister Johanna Guthoff
Mountain monastery 1
59909 Bestwig

The company data protection officer is:

Brigitta Staudinger
Mountain monastery 1
59909 Bestwig
Tel.: 02904 808-450
b.staudinger@smmp.de

The data protection officer of the religious community is

Lawyer Stefan Strüwe
CURACON GmbH
Am Mittelhafen 14
48155 Münster
stefan.struewe@curacon.de

Welcome to