Data Privacy declaration
Thank you for your interest in our internet website.
We place great value on the protection of your data and privacy. Here we inform you, the user, about the kinds of data, the extent and purpose of the data collection and the usage of personal data on this website by ourselves, the data controllers.
With regard to the terminology used, e.g. „controller“ or „processor“, please refer to the definitions in Article 4 General Data Protection Regulation (GDPR).
Data Controller, Data Protection Officer
Data Controller according to the Data Protection Laws, in particular the EU-General Data Protection Regulation, (GDPR) is:
MADE IN BANGLADESH e.V.
c/o Claas Liegmann
10829 Berlin, Germany
Telephone: +49 176 47 72 45 80
We do not have an appointed representative or data protection officer.
1. Data protection
Our privacy and data protection policy is based on the General Data Protection Regulation (GDPR) of the European Union. For German citizens and authorities it is extended by the new version of the Bundesdatenschutzgesetzes (BDSG). Both laws came into force on the 25. May 2018.
Which data is protected?
Article 4 GDPR and § 46 BDSG both define data to be protected as: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This also includes IP addresses and content data such as comments on blog articles.
Your rights as data subject
By way of the above contact data you may exercise the following rights at any time:
- Right to access:You may request, in accordance with Article 15 GDPR, disclosure of whether we have stored or process any data concerning your person. You have the right to receive copies of the data, and of any further pertinent information thereabaout.
- Right to correction: In accordance with Article 16 GDPR you have the right to demand the completion of incomplete data concerning yourself, and / or the correction of any incorrect data about yourself.
- Right to erasure: In accordance with Article 17 GDPR you can require that data about yourself is deleted without undue delay. Legal restrictions may however take precedence.
- Right to restriction of data processing: according to Article 18 GDPR, inasmuch as the data concerned cannot be erased due to a legal restriction.
- Right to objection: to the processing of your available data in accordance with Article 21 GDPR.
- Right to revocation: You may revoke a given approval in accordance with Article 7 Section 3 GDPR with effect for the future.
- Right to data portability: If you have agreed to the data processing or have entered into a contract with us, you may demand to receive the data concerning you that you have provided us with, in accordance with Article 20 GDPR, and to demand the transmission to another responsible party.
- Right to complaint: You may approach the responsible authority with a complaint in accordance with Article 77 GDPR at any time. Your responsible authority varies according to your residence, workplace or the suspected infringement.
2. Personal data gathered by this website
Voluntary input by way of this website
Establishment of contact
Our contact form does not store data on the webserver – it sends us an email to the above address. Our exchange of emails contains personal data. This data will be used and recorded solely for the purpose of dealing with your concern or for the establishment of contact and the related technical administration. The legal basis for our processing of your data is our legitimate interest in dealing with your concern in accordance with Article 6 Section 1 Clause f GDPR. If the conclusion of a contract is at issue, a further legal basis for processing is Article 6 Section 1 Clause b GDPR. The data provided by you remains with us until you request its deletion, revoke your consent to the recording of the data, or the need for the data recording lapses. Mandatory legal provisions – especially retention periods – retain precedence.
At the end of some pages of this website (blog articles) you may find comments left by users, and the possibility to submit your own comments. Comments are not published automatically, instead they are published only after after we have assessed the content (we may delete them if we find the content offensive, insulting, defamatory or otherwise objectionable).
Comment text, name, email address, your website if entered, and time of entry are recorded in the database of our website (but not your IP-address), and are visible to us as administrators. If you enter your true email address, your previously stipulated rights apply.
Comments which we reject we delete immediately. Published comments with their accompanying data are preserved for an indefinite period of time, until they are removed due to the request of the person who left the comment, due to a legal obligation or due to our own decision. With the removal we irrevocably delete all associated data.
Legal basis: The recording of your comments is based on your consent, in accordance with Article 6 Section 1 Clause a GDPR. You may revoke a consent previously given at any time. All it takes is an informal notification to us via email. The legality of the previous data processing remains unaffected by the revocation.
Dispatching of Newsletters via the MailChimp service
The service provider may use the recipient data in pseudonymised form (i.e. without being attributable to particular persons), in order to optimise and improve their service, e.g. technical improvements in mail dispatching, improved rendering of the newsletter; or for statistical purposes. The service provider will not use the recipient data to write to them directly, nor will they pass on the data to a third party.
Duration of data storage
The criteria for the duration of data storage differ for the various types of data. Please refer to the relevant sections and the paragraph „business-related processing“ below.
Tracking in this context means recording activities of a specific user, e.g. how a user navigates through a website, what she/he downloads or buys, and when she/he revisits the website. When large, centralised services such as Google Analytics are used for this purpose, the possibility for the service provider to track a particular persons activities across many websites arises.
We find this kind of tracking excessive and disrespectful – although it legally counts as a „legitimate interest“ of the website owner in accordance with the GDPR.
We therefore practice „tracking“ in accordance with our own understanding: We use the WordPress Plugin Slimstat Analytics as tracking software, set to (a) do without cookies, and (b) to save the IP-Addresses of the page views in truncated form. Thus an „Opt-Out“ or „Opt-In“ procedure for tracking has no relevance, as no personally identifiable information is stored. We merely „track“ the visits, not the visitors. We thereby choose to do without the possibility of recognising multiple visits by the same user as being connected – we find that your right to privacy is more important.
To repel so called hacker attacks and to respond to fraudulent access, the software which answers website data requests („webserver“) logs its actions in protocol files („log files“). This infrastructure is a part of web hosting, located at a deeper level than the website itself. The storing of data in these files occurs in accordance with Article 6 Section 1 clause f. GDPR, based on our legitimate interest concerning the reliable functioning of the website.
The log files contain the following information for every access:
- Your IP-address (see below)
- Date and time of the access
- The web address of the visited page (“URL”)
- The type of the webservers response (“HTTP status code”)
- The amount of data sent in bytes
- The web address visited immediately previously (“Referer”)*
- The browser and the client operating system used (“User Agent”)*
*Provided you have not suppressed these values via browser settings or browser plugin.
This website is hosted within the framework of a web hosting package of a well-known hosting service provider. The IP-addresses in the webserver logs are noted in an anonymous form, so that the log files do not contain personally identifiable information.
Providing your personal data to others
We do not pass on any personal data to third parties for processing, nor for any other reason. Accordingly no transfer of personal data to third countries occurs.
External contract data processor
We (see above), as data controller for this website, are allowed to commission the processing of your personal data by third parties on our behalf, and subject to requirements. This is regulated in Article 28 GDPR, which terms such a third party the “processor”.
We have not engaged any external data processor for our website.
Business related data processing
In the normal course of administering our business, much more personally identifiable information (PII) accumulates than through the use of this website. Here are some examples: Contracts, billing, bookkeeping, and in notes, documents and emails. The storage duration of PII is regulated primarily by any applicable laws, such as commercial and tax laws. After the mandated period has expired, we routinely delete that data – provided that it is no longer required to fulfill or solicit for a contract, and/or we have no further legitimate interest to retain it.
According to German law, we must retain all bookkeeping data for 10 years. After they have expired, we destroy them. If you cannot agree to this, then we are legally not able to work for you.
Your personal data cannot be accessed by third parties, as we have implemented technical and organisational safeguards to prevent this. Nor will they be provided to any third parties, except in case of legal neccessity.
3. Further topics
A cookie is a small package of data originating from a website, which your browser deposits on your computer on behalf of that website. Every time your browser requests a particular web page, it sends any cookies (name and content), which originated from that pages website, along with the request. Cookies may contain many sorts of information, e.g. choice of viewing language, shopping cart contents, or a requirement not to be tracked. A cookie may be valid only until the browser is closed, or for a specifiable period of time (e.g. 3 months, 1 year). Cookies which are to be deleted when the browser is closed, effectively temporary information, are termed „Session-Cookies“. Cookies set by the website of a page being viewed are called first-party cookies. The most problematical types of cookie from the viewpoint of data privacy are, however, so called third-party cookies. These are not set by the website visited, but by another website which the page visited has called in the background. The most widely known example of this is Google Analytics, but there are many others.
This website does not use any cookies.
Use of third-party services and content
Our online presence makes use of third-party services and/or content, such as embedded videos, podcasts, maps or web fonts to complement the information it offers (subsequently collectively referred to as “content”). This is legally covered by Article 6 Section 1 Clause f, as being a legitimate interest.
The third party must of neccessity gain knowledge of your IP address, in order to despatch the content to your browser. As far as possible we use services which only use your IP address to deliver the content. However, third parties may include so called pixel tags in their content (invisible pictures, also known as “web beacons”) for statistical or marketing purposes. This, if practiced, provides the third party with information about the visits to my website, which they may process, and correlate with information from other sources. The third party can also store cookies in your browser.
Google Web Fonts
This website makes use of so called web fonts, provided by Google on their own website, to ensure a consistent rendering of its text. Whenever a browser calls this website, the website instructs it to load a particular Google web font and use it to display the text.
In order to do so, your browser must request the web font files from Googles server; this will disclose your IP address to Google, and in most cases also the web page (one on this website) on whose behalf this is happening. The use of this technology to achieve a uniform and pleasing appearance for our website represents our legitimate interest as laid out in Article 6 Section 1 Clause f of the GDPR. If your browser does not support the use of web fonts, a replacement font available on your computer will be used.
Use of Vimeo Plugins
This website uses the Vimeo service to display videos. Vimeo is provided by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.
Some of our web pages use a plugin supplied by the Vimeo service. Whenever you visit such a page, a connection is made to a Vimeo server to load and display the plugin and the designated video. During this process, the Vimeo server is informed which web page is requesting the service. If you are logged in to Vimeo at the time, then Vimeo is able to link that information to your personal account. When you actually use the plugin, e.g. by clicking on the start button of the video, then this information is also attributed to your account. You can prevent this association by logging out of your Vimeo user account and deleting their cookies before visiting our web pages.
Our website has been implemented using the Open Source CMS WordPress. A standard, inbuilt feature of WordPress is RSS Feeds, for both blog posts and comments. When you subscribe to (one of) these feeds, e.g. in your browser, no personal data is gathered. Note, however, that on each request for feed data, the webserver will note that request (including your IP) in its logfile. That topic has been explained in the section “Webserver Logs” above.
Encryption of the data exchanged between browser and webserver
For security and privacy, this website forces all data exchanged between the webserver and your browser to be encrypted. This is particularly relevant where you enter personal data, e.g. the contact form. The technique used is known as TLS, which stands for Transport Layer Security; earlier versions of the encryption protocoll were known as SSL (Secure Sockets Layer). You can recognise an encrypted connection by the lock symbol at the left end of the browser address bar, and the web address starting with „https://“. The encryption ensures that any data you enter to the website cannot be read and decoded by others.