Privacy Policy

Personal data (hereinafter mostly referred to as "data") of supporters, potential supporters and visitors of our website, hereinafter collectively referred to as "users", will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the "controller") for purposes of data protection law is:

Mary’s Meals Deutschland e. V.
Fürstenbergerhofstr. 21
55116 Mainz
Germany

Register of Associations: District Court Mainz, VR 40583
Charitable recognized body, tax no. 26/675/12951

Represented by:
Maria-Christiana von Habsburg-Lothringen (Chair)
Ingrid Schürmann (Dpt. Chair)
Maria-Anna von Stauffenberg
Ansgar Schürmann
Andreas Schwab

Phone: +49 6131 275 43 00
Email: sekretariat.deutschland@marysmeals.org

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Sharing with Mary’s Meals’ partner organizations

If you use one of the following sub-sites, we share the relevant data with a Mary’s Meals’ partner organisation when you make a payment (see "Payment processing"), create a user account (see "User account / registration"), subscribe to the newsletter (see "Newsletter") or get in touch with us (see "Contact"):

  • at moveformeals.org/ch and all sub-pages below it with: Mary’s Meals Schweiz, Holzacherstrasse 24, 6210 Sursee, Switzerland - Privacy policy
  • at moveformeals.org/at and all sub-pages below it with: Mary’s Meals – Schulernährung für hungernde Kinder, Steinbauergasse 15/24, 1120 Wien, Austria - Privacy policy
  • at moveformeals.org/ie and all sub-pages below it with: Mary’s Meals Ireland Company Limited By Guarantee, P32, St Patrick’s Hall, Marino Institute of Education, Griffith Avenue, Dublin 9, Ireland - Privacy policy
  • at moveformeals.org/ca and all sub-pages below it with: Mary’s Meals Canada, PO Box 76144, Millrise RPO, Calgary, AB, T2Y 2Z0, Canada - Privacy policy
  • at moveformeals.org/it and all sub-pages below it with: Mary’s Meals Italia ONLUS, Mettifoghi 15/B, 36070 Altissimo, VI, Italy - Privacy policy
  • at moveformeals.org/es and all sub-pages below it with: Fundación Mary’s Meals Spain, c/Beltrán i Rozpide 7/9, Apt. 102, 08034 Barcelona, Spain - Privacy policy
  • at moveformeals.org/pl and all sub-pages below it with: Mary’s Meals Polska, os. Na Wzgórzach 42/4, 31-727 Kraków, Poland - Privacy policy

in order to process donations, to issue and send a donation receipt, to respond to contact requests or to provide you with a newsletter more relevant to you in your local language. In addition, we share data with Mary’s Meals International Organisation (company number SC488380 and charity number SC045223) based at Craig Lodge, Dalmally, Argyll PA33 1AR, Scotland, hereinafter referred to only as "MMI", in its role as provider of a database platform for Mary’s Meals user data. The legal basis for this processing is our legitimate interest in increasing user-friendliness as well as sustainable and effective support in accordance with Art. 6 Para. 1 lit. f) GDPR. For data transfers to Canada, the United Kingdom and Switzerland, the European Commission has determined in adequacy decisions pursuant to Article 45 (3) of the GDPR that an adequate level of data protection is guaranteed.

MMI only accesses personal data of users when requested to do so by us in order to assist us in providing our services. In addition, we only share user data when:

(a) we or MMI work with partners that we or MMI have carefully selected to work on our behalf, such as service providers and subcontractors (e.g. IT service providers and providers of technology, payment and delivery services), to perform any contract we or MMI enter into with them. The type of work we or MMI request from them includes processing, packaging, shipping and delivering purchases, answering questions about us and our services, conducting research or analysis to assist us in our mission, and processing payments.

We and MMI only choose partners we trust and only share personal data with them if they have agreed to protect your data. We do not allow these partners to use your data for their own purposes or to share it with other third parties, and we will take all reasonable care to ensure that MMI and these partners keep your data secure or

(b) we are legally obliged to do so, e.g. by law or court order.

We will not sell users’ information. We will not share users’ information with organisations other than those mentioned here.

Server data

For technical reasons, the following data sent by your internet browser to us or to our server provider, the dogado GmbH, Saarlandstr. 25, 44139 Dortmund, Germany, hereinafter referred to as "dogado", will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted within no more than six months, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

dogado provides further information on data processing at

https://www.dogado.de/legal/datenschutz

Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.  

This processing makes our website more user-friendly, as the processing enables, for example, the maintenance of the login status.

The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

When you close your browser, these session cookies are deleted.

b) "Remember" cookie

At our login page, we offer you the option of remaining logged in even after you close your internet browser. For this purpose, we use a cookie with a validity of one week. This processing makes our website more user-friendly, as the processing enables the login status to be maintained.

The legal basis for this processing is our legitimate interest in improving the functionality of our website in accordance with Art. 6 Para. 1 lit. f) GDPR.

c) Third-party cookies

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website.

Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

d) Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

User account / registration

If you create a user account with us via our website, we will use the data you entered during registration (e.g. your name or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide user care (e.g. to provide you with an overview of your previous performance or to provide you with an individual donation link). We also store your IP address and the date and time of your registration and last login. Optionally, there is the possibility to store a profile picture.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your user account. 

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required.

Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties, except for a Mary’s Meals partner organisation listed above to provide you with a more relevant newsletter in your local language if you use a respective sub-page.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

Your data will be deleted within six months once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

User posts and public comments

We offer you the opportunity to publish a public post or comment, hereinafter referred to as "posts", within your user profile and within our donation forms on this website. If you make use of this offer, we will process and publish your post, the date and time of submission, your first name and your surname shortened to the first letter. If you do not wish this, you can of course make yourself anonymous.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

In addition, we will also process your IP address and email address. The IP address is processed because we might have a legitimate interest in taking or supporting further action if your post infringes the rights of third parties and/or is otherwise unlawful.

In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in any legal defense we may have to mount.

Social media links via graphics

We also integrate the following social media sites into our website. The integration takes place via a linked graphic of the respective site. The use of these graphics stored on our own servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.

Once you click, that network may record information about you and your visit to our site. It cannot be ruled out that such data will be processed in the United States.

Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to our site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.

The following social networks are integrated into our site by linked graphics:

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy Policy: https://www.facebook.com/policy.php

Twitter

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Privacy Policy: https://twitter.com/privacy

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Privacy Policy: https://policies.google.com/privacy

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy Policy: https://help.instagram.com/519522125107875

Google reCAPTCHA

Our website uses Google reCAPTCHA to check and prevent automated servers ("bots") from accessing and interacting with our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.   

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.

Google offers detailed information at

https://policies.google.com/privacy

concerning the general handling of your user data.

To prevent the execution of the JavaScript code from Google altogether, you can install a so-called JavaScript blocker, such as noscript.net or ghostery.com. However, if you prevent or restrict the execution of the JavaScript code, this may result in not all content and functions of our website being available for technical reasons.

Strava

We offer you to connect your user account free of charge to the Strava service provided by Strava Inc, 208 Utah Street, San Francisco, CA USA 94103, USA, hereinafter only referred to as "Strava". If you choose to use it, you will be redirected to Strava for login. If you consent to Strava sharing certain personal information with us, Strava will inform our website of, among other things, your unique identifier and by event, the meters collected through the service.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

Strava provides further data protection information at

https://www.strava.com/legal/privacy

jsdelivr.net-CDN

We use the service jsdeliver.com, a content delivery network ("CDN"), on our website to optimise the retrieval speed, the design and presentation of the content of our website on different devices.  This is an open source service provided by Prospectone Sp.z.o.o., ul. Krolweska 65A, 30-081, Cracow, Poland.

In order to be able to deliver the content of our website quickly, the service uses so-called JavaScript libraries.  Corresponding files are loaded from a third-party server that records your IP address.  We have no influence on whether your IP address is processed by third parties for statistical purposes.

At

https://www.jsdelivr.com/privacy-policy-jsdelivr-net 

Prospectone Sp.z.o.o. offers further data protection information.

The legal basis is Art.  6 para. 1 lit. f) GDPR. Our legitimate interest lies in speeding up loading times and protecting our website, as well as in analysing and optimising our website.

To completely prevent jsdeliver.net from executing the JavaScript code, you can install a so-called JavaScript blocker, such as noscript.net or ghostery.com. If you were to prevent or restrict the execution of the Java Script code, this can mean that for technical reasons not all the content and functions of our website may be available.

Cloudinary-CDN

In order to optimise the retrieval speed, design and display of the graphics of our website on different end devices, we use the Cloudinary service, a content delivery network ("CDN"). This is a service operated by Cloudinary Ltd, 3400 Central Expressway, Suite 110, Santa Clara, CA 95051, USA.

To be able to deliver the graphics of our website quickly, the service accesses corresponding files from a third party server that collects your IP address. We have no influence on whether your IP address is processed by third parties for statistical purposes.

Cloudinary provides further data protection information at

https://cloudinary.com/privacy

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the acceleration of the loading times of our website and its optimisation.

For the transfer of data from the EU to the USA, Cloudinary refers to so-called standard data protection clauses of the European Commission, which are supposed to ensure compliance with the European level of data protection in the USA.

Payment processing

For the payment processing of donations, we are using the following payment services:

  • PayPal by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, hereinafter referred to only as "PayPal"
  • Stripe by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, hereinafter referred to only as "Stripe", and
  • Payrexx by Payrexx AG, Burgstrasse 20, 3600 Thun, Switzerland, hereinafter referred to only as "Payrexx".

The legal basis is a legitimate interest in offering effective and secure payment options in accordance with Art. 6 Para. 1 lit. f) GDPR. 

By integrating PayPal and Stripe, your internet browser loads the JavaScript libraries offered by the services. This alone transmits the operating system you use, the type and version of your internet browser, the website from which the donation form was requested, the date and time of the request and the IP address to PayPal and Stripe - even without you interacting with the page.

As soon as you complete the donation, the data you enter in the input fields of the donation form will be processed by PayPal, Stripe and Payrexx on their own responsibility to process the payment.

For the transfer of data from the EU to the USA, PayPal and Stripe refer to so-called standard data protection clauses of the European Commission, which are supposed to ensure compliance with the European level of data protection in the USA. An adequacy decision of the European Commission applies to the transfer of data to Switzerland when using Payrexx.

PayPal provides further information at https://www.paypal.com/de/webapps/mpp/ua/privacy-full,
Stripe at https://stripe.com/de/privacy,
and Payrexx at https://www.payrexx.com/en/legal/

about the processing described above as well as the applicable data protection provisions.

Model data protection statement by Anwaltskanzlei Weiß & Partner. Own changes and additions were made.