The protection of your privacy is extremely important to us. This data protection declaration provides information on how and for what purpose we process personal data and explains the rights to which you are entitled. We are aware of how important personal data is to our users and we uphold all German and European data protection provisions.

1. Contact & data protection officer

In relation to the General Data Protection Regulation (DSGVO), the organisation responsible is:

Fidin
CALLE CULTURA ( DE LA ) 3 BJ-1
28523 LA PARTIJA-SANTA MONICA
Madrid, Spain
tech@fidin.org

Our Data Protection Officer can be contacted at tech@fidin.org or our postal address with the addition of "data protection".

2. Your rights

You have the following rights with respect to us regarding the personal data relating to you:

3. Processing by external service providers

In some cases, we avail of external service providers to process your data. We select and commission these carefully, they are bound by our instructions and inspected on a regular basis.

4. Gathering of personal data while visiting our website

In the case of use of the website for purely informational purposes, if you do not – for instance, using our search function – provide us with information in any other way, we gather only the personal data which your browser transmits to our server. If you wish to view our website, we gather the following data, which we technically require in order to show you our website and to guarantee stability and security. The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f of the General Data Protection Regulation.

The data are saved in the logfiles of our system. This data can never be connected to other personal data of our users. The data are deleted once they are no longer required to achieve the purpose of your gathering. In the event that the data are saved in log files, this occurs at the most seven days later.

It is possible to save the data for longer than this. In this case, the users’ IP addresses are deleted or anonymised so that they can no longer be associated with the visiting client.

In addition, while you are using our website, cookies are saved on your computer. See below and section 4 in this regard.

We gather anonymous data in order to identify and gather errors and problems in Fidin products and services. These data include data in connection with program crashes. We use several third-party providers for the gathering of error logs. During the use of the Fidin’s website, various pieces of personal data that are necessary for the performance are saved on the technical infrastructure of the third-party supplier a limited period of time in encrypted form.

5. Cookies

Cookies are small text files which are saved on your hard drive assigned to the browser you have used and through which the location which the cookie sets (here by us) accrues specific pieces of information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make Fidin more user-friendly and more effective in general.

We set one or several persistent cookies in order to save the user’s settings and to make our website more user-friendly, to analyse user behaviour and as necessary carry out web analytics (see below in this regard) or A/B testing (see below also). The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 lit. f of the General Data Protection Regulation.

Persistent cookies are automatically deleted after a specified length of time, which may differ from one cookie to another. You may delete the cookies in the security settings of your browser at any time. You may configure your browser setting the way you want it and e.g. refuse the acceptance of third-party cookies or all cookies. Cookies that have already been saved may be deleted at any time. This can also be done automatically. Please note that you may not be able to use all functions of this website within the full scope if you deactivate cookies for our website.

6. Mobile Apps

The Fidin app provides another means of access to the Fidin platform. Accordingly, we use your data within the app as if you were accessing Fidin via our website. This applies, for example, also to the use of your data and cookies, which will be used for the same purposes on the same legal basis. Thus, the statements made in the present privacy policy will apply to the app.

a. Additional use of app-specific data

We use a safe and fully encrypted analysis service, which we ourselves operate, in order to analyse and continuously improve the use of our app. Using the statistics obtained, we can improve our offering and design it in a more interesting way for you as a user. The legal basis for this processing of your personal data is Art. 6 Abs. 1 lit. f of the General Data Protection Regulation.

Additionally to the data described under 7.g. we collect the following data when you use our app:

The Fidin app may use your locational data in anonymized, respectively pseudonymized, form if you have allowed access to these data on your device. We use the locational data in order to give you a better Fidin experience or to show more relevant search results or advertising to you. Personal data such as names, addresses or dates of birth will not be collected, stored or transmitted.

This data is anonymised after a short space of time, generally 7 days. The anonymised data is saved for as long as is necessary for the evaluation. The data is not transferred to any third party. We will not access your data located outside of the app, such as your calendar, photos, messages or such like unless you have permitted us to do so.

b. Third party integrations

We use a 3rd party service called "HockeyApp" to collect and analyse crash reports of our app.

In particular, HockeyApp saves and processes the following data:

HockeyApp is offered under the Microsoft Azure Service Agreement and is operated by: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft is certified under the “Privacy Shield” US-EU data protection agreement and undertakes to uphold the EU data protection provisions. For information on data protection at HockeyApp, go to: https://hockeyapp.net/imprint/

c. Conversion tracking

We use several offerings of third-party providers to advertise our app on external websites and services. We have integrated third-party providers in our app which form a direct connection with the provider's server to report a succesfull conversion. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. By doing so, we can achieve a fair calculation of advertising costs. The legal basis for this processing of your data is Art. 6 Para. 1 lit. f of the General Data Protection Regulation.

We use the following conversion tracking services in the app:

We do not have any influence on the scope and the further use of the data which are gathered by the third-party provider. Therefore, we inform you in accordance with what we know: Due to their involvement, the third-party provider receives the information that you installed our app due to an advertising campaign run through the third-parties network.

For further information on data protection in third-party suppliers which we commission to measure the success of our advertising measures, go to:

d. Push notifications

If you have correspondingly configured your mobile end device and have activated push notifications in the Fidin app, this will enable the Fidin app to send push notifications to your device, for example in order to provide you with information about us, about our planting projects, news or new functionalities or to send you system notifications.

You may easily revoke your consent to receiving push notifications at any time by deactivating them in the settings of the operating system.

7. Special forms of use of the Fidin website

a. Search

Fidin search is a search which is supported by third-party suppliers. If a search is carried out with Fidin, data are transferred to Bing. Bing is operated by: Microsoft Ireland Operations Ltd, Carmanhall Road, Sandyford Industrial Estate, Dublin 18, Ireland (referred to below as: Bing). This is done in order to display search results and to prevent fraudulent activities. The following data are transferred to Bing during a search enquiry: IP address, user agent string, search term, country and language settings, filter settings for adult content, active search filter settings (e.g. filter search results by date).

Fidin also assigns a “Bing Client ID” in order to improve the quality of the search results. This value is a user-specific ID which enables Bing to deliver more relevant search results also based on previous searches. The ID is saved in the Fidin cookie and retrieved during future visits. In both cases, the legal basis for the processing of these data is Art. 6 Para. 1 S. 1 lit. f of the General Data Protection Regulation.

However, you have full control over the use of this “Client ID”. If “Do not track” is activated in your browser, the Client ID is automatically deactivated and neither saved nor sent. The Client ID and personalised search results can also be switched off specifically in the Fidin search settings.

Microsoft/Bing is certified under the “Privacy Shield” US-EU data protection agreement and undertakes to uphold the EU data protection provisions. For information on data protection at Bing, go to: https://privacy.microsoft.com/privacystatement

b. Blog functions

We provide a blog in which we publish various posts on topics about our activities in order to circulate our website and its contents on the internet and to increase our visitor numbers.

We use the “Ghost” blogging platform to operate the blog. Ghost does have access to your IP Address when you are using our Blog functions in order to provide the service. The legal basis for this processing of your personal data is Art. 6 Abs. 1 lit. f of the General Data Protection Regulation. Ghost is operated by Ghost Foundation, 24 Raffles Place, #10-05 Clifford Centre, 048621 Singapore. For information on data protection with this third-party supplier, go to: https://ghost.org/privacy/.

When you are using our blog functions we collect and store personal information and usage data in order to improve the service as described under g. Web Analytics. The legal basis for this processing of your personal data is Art. 6 Abs. 1 lit. f of the General Data Protection Regulation.

Content embeds

Blog posts may contain third-party embeds, which may in some cases collect and store personal data. These “embeds” are hosted by a third-party and embedded in our Blog. For example: YouTube videos, Facebook or Instagram posts and feeds or Twitter tweets that appear within a Blog post. These files send data to the hosting site just as if you were visiting that site directly. For example, when you load a Blog post page with a YouTube video embedded in it, YouTube receives data about your activity. Fidin does not control what data third parties collect in cases like this, or what they will do with it. The use of personal data by embedded content providers is not covered by this statement, but by the privacy policies of those sites or services.

Comments

Public comments can be made on our blog. Comments you make are published with your user name. We recommend using a pseudonym rather than your real name.

Our commenting function uses the Disqus plugin, operated by Big Head Labs Inc. (future: “Disqus”), which is responsible for processing comments. With Disqus, you can add a comment to our blogposts that will be saved and displayed as long as the post in question is online on our website or until you delete the comment.

You can use the commenting function as both a guest and a registered Disqus user on all websites that use Disqus. You can also register via your accounts with the third-party providers Facebook, Twitter and Google. When you register via the login details of a third-party provider, the provider will also process your personal data; however, we will not have access to this information. Information collected by the commenting function is made available to us via Disqus. The legal basis for this is Art. 6(1)(1)(f) of the GDPR.

The contact details of the responsible party are: Big Head Labs, Inc., San Francisco, USA. Terms of Service: http://help.disqus.com/customer/portal/articles/466260-terms-of-service/ can find more detailed information on the processing of your data in the provider’s privacy policy: http://help.disqus.com/customer/portal/articles/466259-privacy-policy.

c. Newsletter

You can subscribe to our newsletter through which we inform you of our latest interesting offerings. The goods and services advertised are specified in the declaration of consent. We use the “Mailchimp” newsletter delivery platform to send our newsletter. Mailchimp is operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

We use the “double opt-in” procedure for registration for our newsletter. This means that, after registering, you receive an email to the email address provided, in which you are asked to confirm that you want to receive the newsletter. If you do not confirm your registration within 24 hours, your information is locked and deleted automatically after one month. The aim of this procedure is to prove your registration and, as applicable, to resolve a potential misuse of your personal data.

The following are saved:

We explicitly do not give your email address to any third party. Mailchimp is certified under the “Privacy Shield” US-EU data protection agreement and undertakes to uphold the EU data protection provisions.

Your email address is saved for as long as the subscription to the newsletter is active. The other data gathered as part of your registration are generally deleted within a seven-day period.

You may unsubscribe from the newsletter at any time. This can be carried out using the link provided in each newsletter. This link also enables you to withdraw your consent to saving of the personal data gathered during the registration process.

We also refer you to the refusal options in data gathering for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

d. Surveys

We use the “Typeform” platform to carry out our surveys. Surveys help us to better adapt our offerings to your needs. The legal basis for this processing of your personal data is Art. 6 Abs. 1 lit. f of the General Data Protection Regulation. Typeform is operated by TYPEFORM S.L. Carrer Bac de Roda, 163, 08018 Barcelona, Spain. If you take part in a survey, the following data are processed:

These data are saved for as long as they are required for evaluation of the survey, generally up to two years. After this, they are deleted or anonymised. The data gathered in relation to surveys is not transferred to any third party.

e. Job applications

We use the “Workable” application platform to administer our job application process. Workable is operated by Workable Software Limited, 21a Kingly Street, 2nd Floor, London, UK.

All data which you have provided for your job application (name, email address, phone number, photo, CV, cover letter, etc.) as well as the associated communication between you and Fidin are saved during the job application process.

After your job application has been transferred via the input screen, you will receive a confirmation email at the email address you provided, in which you are requested to confirm your job application (double out-in procedure). If you do not confirm your registration within 24 hours, your information is locked and deleted automatically after one month. The aim of this procedure is to prove your registration and, as applicable, to resolve a potential misuse of your personal data.

The legal basis for the processing of the data following confirmation of your application is Art. 6 Para. 1 lit. a of the General Data Protection Regulation. You may withdraw your job application at any time. A link to do this is provided in the confirmation email. In this case, your data are locked and they are deleted automatically one month later.

In all cases, your documents are deleted no later than one month after the end of the application process.

f. Contact form and help pages

We use the “Zendesk” platform to handle your enquiries. In an enquiry, the data you provide are saved and processed in order to answer your questions. At the same time, we gather certain pieces of statistical information via cookies in order to improve the contact and enquiry function and use your data to prevent any potential misuse of this function. In this context, the data are not forwarded to third parties. The data arising in this context are deleted after their storage is no longer necessary or restricted if legal storage obligations exist.

The following pieces of your data are saved:

The processing of your personal data for the use of our enquiry and contact function is carried out on the basis of your consent.

The headquarters of Zendesk are located in the US, and your data, gathered when using our enquiry and contact function, are sent there. Zendesk is certified under the “Privacy Shield” US-EU data protection agreement and undertakes to uphold the EU data protection provisions. https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG

g. Web analytics

We use a safe and fully encrypted web analysis service, which we ourselves operate, in order to analyse and continuously improve the use of our website. Using the statistics obtained, we can improve our offering and design it in a more interesting way for you as a user. The legal basis for this processing of your personal data is Art. 6 Abs. 1 lit. f of the General Data Protection Regulation.

For this evaluation, cookies (see above) are saved on your computer and the following data are processed:

These data are anonymised after a short space of time, generally 7 days. The anonymised data are saved for as long as is necessary for the evaluation. The data are not transferred to any third party.

If you do not wish to take part in the tracking, you can deactivate the gathering of all usage data by activating the “Do not track” setting in your browser.

h. A/B testing

We additionally carry out analyses of usage behaviour by means of “A/B testing”. As part of this, based on the completion of a profile assignment, we can show you our websites with slightly varied content. Thus, we can analyse and continuously improve our offering, and make it more interesting for you as a user. The legal basis for this processing of your personal data is Art. 6 Abs. 1 lit. f of the General Data Protection Regulation.

Cookies (see above) are saved on your computer for the purpose of allocation to a test group. Allocation to the test groups is always carried out on a random basis. We use the data gathered by our web analysis service (see above) for the evaluation. We save the information gathered in this way on our server in Germany only.

Before carrying out the analyses, the IP addresses are processed further in a shortened form, thus preventing direct traceability to any particular individual. The IP address forwarded by your browser is not amalgamated with other data we have gathered.

If you do not wish to take part in the tests, you can deactivate the gathering of all usage data and the saving of the relevant cookies by activating the “Do not track” setting in your browser.

i. Online advertising

Advertising on Fidin

At Fidin, advertisements are shown beside or above the search results. If you click on these adverts, we earn commission. We use this to pursue the interest in generating income which goes towards covering our ongoing costs and payments to tree planting projects. These adverts are provided by advertising networks.

We work with the Bing Ad Network. During the search and simple display of an advert, no data are transferred to this advertising network (only to Bing, see above). The following data, among others, are only sent to the advertising network when you click on an ad: the search term, your IP address, place, date and time of the search inquiry and the browser configuration.

Fidin also assigns a Bing “Client ID” in order to improve the quality of the adverts. This value is a user-specific ID, which is saved in the Fidin cookie and retrieved during future visits.

This enables Bing to display more relevant adverts from Bing or third-party suppliers from the Bing ad network for you, based in part on prior searches. The legal basis for the data processing referred to Art. 6 Para. 1 S. 1 lit. f of the General Data Protection Regulation.

If “Do not track” is activated in your browser, the Client ID is automatically deactivated and neither saved nor sent. The Client ID and personalised adverts can also be specifically switched off in the Fidin search settings.

For further details on the data processing of the Bing Ad Network, go to: https://privacy.microsoft.com/privacystatement

Monitoring the success of advertisements via Fidin on third-party provider platforms

We use several offerings of third-party providers Google, Facebook and Amazon, in order to call attention to ourselves with the help of advertising tools on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. By doing so, we pursue the interest in showing you advertising which is of interest to you, we can shape our website in a way which is more interesting for you and we can achieve a fair calculation of advertising costs.

In some places, but never on search pages, Fidin allows third-party providers to set cookies in order to check the success of Fidin advertising campaigns.

Based on the marketing tools used, your browser automatically forms a direct connection with the third-party provider’s server. We do not have any influence on the scope and the further use of the data which are gathered by the third-party provider. Therefore, we inform you in accordance with what we know: Due to their involvement, the third-party provider receives the information that you visited the relevant website of our internet presence or clicked on one of our adverts.

If you are registered for one of the third-party providers’ services, it may assign the visit to your account. Even if you are not registered or you have not logged in, it is possible that the provider may find out your IP address and other identifying characteristics and save them.

The legal basis for this processing of your data is Art. 6 Para. 1 lit. f of the General Data Protection Regulation. You may prevent the participation in this tracking process in various ways:

For further information on data protection in third-party suppliers which we commission to measure the success of our advertising measures, go to:

We never integrate tracking scripts or pixels into Fidin search pages. Therefore, search data are never shared with third-party providers who are not directly connected with the provision of the search service.

7. Refusal or withdrawal of the consent to processing of your data

If you have granted your consent to the processing of your data, you can withdraw this at any time. Such a withdrawal influences the permissibility of processing of your personal data, on the basis that you have stated this to us.

Insofar as we support the processing of your personal data on a balancing of interests in accordance with Art. 6 Para. 1 lit. f of the General Data Protection Regulation, you may at any time refuse the processing of data about you for reasons which arise from your specific situation. In the event of a refusal, we will inspect the matter and will stop or adjust the data processing, unless we can provide compelling and legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Of course, you may refuse the processing of your personal data for advertising purposes at any time. No justification is required to do so. This also applies to profiling if it is connected with such direct advertising.

To assert a refusal or a withdrawal of consent, please contact our Data Protection Officer at tech@fidin.org.org.


Data protection declaration version date: 01/02/2019