Data Protection information
Table of Contents
General information
The following information provides an overview of what happens to your personal information when you visit our websites or entrust us with your personal information in a different form, e.g., in person, by mail, by fax, by email, by order card, by contact form, or as part of a job application.
Personal information is any information that can be used to identify you personally. We are committed to protecting the privacy of all individuals who use our services and to treating the personal information provided to us as confidential at all times. Our legal basis for data processing is derived from the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations. This includes, in particular, regulations for the operation of websites and the provision of online services. The information will be used exclusively for the purposes specified in each case and will not be passed on to third parties without your express consent, unless we are legally or by contract obliged to do so. Your information will primarily be processed by us on servers within the EU. In cases where processing takes place outside the EU (e.g., by payment service providers or when using Microsoft applications), we ensure an adequate level of data protection through the use of standard contractual clauses or comparable protective measures. In addition, we require our service providers to provide appropriate confirmation of compliance with these standards. Your information will be deleted as soon as it has served the specified purpose. As the data controller, Wycliff has implemented numerous technical and organizational measures to protect your information. Nevertheless, we would like to point out that data transmission on the Internet (e.g., when communicating by email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
We are constantly improving; the above information reflects the current status of our procedures. This privacy policy is therefore regularly reviewed and updated.
Changes to this policy were last made on March 2025.
Contact details of the person responsible for data protection:
Wycliff e. V.
Siegenweg 32
57299 Burbach
Represented by Stephen Impey, Chairman of the Board
Phone: +49 2736 297-0
Email: datenschutz@wycliff.de
Please feel free to contact us at any time if you have any questions about data protection.
Contact details of the data protection officer:
We have appointed a data protection officer in accordance with Art. 37 (1) GDPR and § 38 BDSG.
Uwe E. Thomas
Wycliff e. V.
Siegenweg 32
57299 Burbach
Phone: +49 2736 297-0
dsb@wycliff.de
Legal basis and purpose of data processing
We process your personal information to the extent necessary to fulfill our legal and other obligations as a registered association. Processing always rests on one of the following legal bases (GDPR Art. 6):
- fulfillment of a contract (Art. 6 (1) (b) or pre-contractual measures. For this purpose, a valid contract must exist between us and you as the data subject, or you must have made a pre-contractual inquiry yourself (e.g., to obtain an offer). Examples of this are the processing of applicant data in order to fill a position (pre-contractual measure) or the storage of a guest’s reservation data in preparation for staying at our international conference center Karimu.
- A legal obligation (Art. 6 (1) (c)); to fulfill a legal obligation to which Wycliff e. V. is subject. This may involve a tax obligation, such as submitting payroll accounting with personal information to the tax office, or labor law obligations, such as reporting employees‘ social security data to health insurance companies, or commercial and tax law matters.
- To protect the vital interests (Art. 6 (1) (d)) of a data subject or another person; data processing must be necessary to avert a serious threat to the life, health, or physical integrity of the data subject or another person, e.g., in emergency medicine in the event of natural disasters, accidents, or epidemic control.
- The performance of a task carried out in the public interest (Art. 6(1)(e)); the task in the public interest or the sovereign authority must always rest on a legal basis. This can be EU law (e.g., a regulation) or a national federal law or state law (Social Security Code (SGB), tax laws (AO, EStG), police laws of the states).
- On the basis of our legitimate interest (Art. 6 (1) (f)), provided that no overriding interests or fundamental rights of the data subject prevent this. We will always inform data subjects in advance or at least at the time of information collection about the processing. This is usually done through our privacy policy or a notice in the respective context of data processing.
Whenever we cannot invoke any of the above legal bases, we will obtain your express consent (Art. 6 (1) (a)). This is the case, for example, when sending newsletters or using personal images.
This includes processing your information for the following purposes or as member of the following groups: inquiries via our websites, newsletters, members of the supporting circle (donor, newsletter recipients), supporters, prayer message recipients, applicants, employees, members (active, retired, on the board), candidates, volunteers, participants in seminars and events, contractual partners (partner organization, insurance company, etc.), visitors (use of Wi-Fi, library loans, etc.).
Recipients or categories of recipients of personal information
Your personal information may be passed on to:
- Administration, human resources, public relations
- Tax advisors for accounting purposes
- Social security institutions, professional association, AEM pension fund, child benefit fund, and tax offices
- Karimu International Conference Center for the purpose of planning and conducting seminars and conferences
- Other Wycliff/SIL organizations and other partner organizations
- Contractual partners
- Insurance companies
- MS Teams for online meetings/exchange; Zoom, GoogleMeet, or other tools may also be used.
Duration for which personal information is stored or, if the duration cannot be provided, criteria for determining the storage period
- Personal information will be deleted as soon as it is no longer required for the purpose for which it was collected, provided that there are no retention obligations to which we are legally bound (e.g., under commercial law (§ 257 HGB) or tax law (§ 147 AO) and others).
- Consents remain valid until the purpose for which the information was collected has been fulfilled or until they are revoked.
No profiling and no automated decision-making
We process personal information exclusively within the framework of legal requirements and refrain from any form of profiling or automated decision-making as referred to by Article 22 of the General Data Protection Regulation (GDPR).
No automated decision-making
Our processes do not involve any exclusively automated decision-making that could have legal or similarly significant effects on data subjects. Every relevant decision is supplemented by human review.
No profiling
We do not create profiles or automated analyses to evaluate personal aspects of our users, customers, or partners. Any processing of personal information is carried out only for the specified, legitimate purposes and in a transparent manner.
Donations
If you donate to Wycliff e. V., your personal information (first and last name, address, email address) may also be passed on to project managers or employees so that Wycliff can thank you for your donation. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
The projects or employees may also be located in a third country. In these cases, information access takes place via a secure VPN connection. The device from which this information is accessed is password-encrypted and our employees are not permitted to print it out.
Handling of photos and videos of employees and third parties on social media, websites, and in print media
Images and videos at internal and external events
Images and videos from informational and other events, such as our „Wyclifftage“, „Infotage“, „Inspired“, etc., may be used for public relations purposes on our website or in social media. Before recording or taking pictures, verbal notices are given regarding the processing. Individual shots or close-ups that depict visitors or partners in an identifiable manner are then made in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest.
Images and videos at trade fairs and exhibitions
During trade show appearances or exhibitions, photos or videos of Wycliff employees may be taken to document the event or for public relations purposes. We do not take photos or videos of visitors or other third parties.
Use of licensed and purchased images
We also use licensed images from external providers on our website and for communication purposes. These are subject to the respective license terms and are used exclusively in accordance with the contracts, in particular for public relations, information, and communication purposes.
Images and videos of employees
Application photos are used exclusively for processing the application process. Any further use requires express consent.
Photos of employees, such as portrait photos for internal organization or external presentation (e.g., magazine, website, annual reports), are only processed on the basis of consent. Consent can be revoked at any time.
During internal and external events (e.g., retreats, Wycliff Day, Christmas parties, trade fairs, and exhibitions), photos or videos may be taken in which employees are recognizable.
These recordings may be used for the following purposes:
- Internal purposes: documentation, presentations, internal communications.
- Public relations: Publication on the website, in social media channels, or in print media (e.g., in flyers or in our magazine).
Images and videos of children under the age of 16
Images and videos of children under the age of 16 will only be processed with the written consent of their legal guardians. Consent will be obtained prior to recording. No images or videos will be published internally or externally without such consent.
Data transfer to third countries
When using social media (e.g., Facebook, Instagram, YouTube), data may be transferred to third countries. In doing so, we ensure that appropriate protective measures are taken (e.g., EU standard contractual clauses).
Deletion periods for images and videos
Images and videos containing personal information are only stored for as long as necessary for the purpose. The deletion periods are based on legal or contractual requirements. Once the purpose has been fulfilled or the retention periods have expired, the recordings are deleted. Early deletion can be requested provided that there are no legal retention obligations.
Legal basis
- Consent pursuant to Art. 6 (1) (a) GDPR: Individual recordings or photos focusing on specific employees, in particular for marketing or public relations purposes, require written or electronic consent. This consent is voluntary and can be revoked at any time.
- Legitimate interest pursuant to Art. 6 (1) (f) GDPR: Group photos or recordings taken during events may also be processed without consent if: the recording does not focus on any individual, the processing serves public relations or documentation purposes, and no overriding interests, rights, or freedoms of the person depicted are infringed.
Note on the right to object
Employees have the right to object to the use of their images for specific purposes (e.g., public relations) at any time. The objection will result in the photos in question no longer being used in the future, unless there are compelling legitimate grounds for doing so.
Karimu International Conference Center
When you register for and participate in events at our international conference center, we process personal information in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection regulations.
1. Purposes and legal basis of data processing
Your personal information will be processed for the following purposes:
- Organization and implementation of seminars and events
This includes, among other things, participant management, room bookings in the guest house, and other offers.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures). - Processing of special requests (voluntary)
If you voluntarily provide us with additional information—such as special dietary requirements, information on intolerances, or special requirements for room amenities—we will process this information on the basis of your consent.
The data may be stored as part of the online registration process on our website, when registering by email or telephone, or when provided in person at reception during your stay.
Upon request, we will also store this information for future stays.
Legal basis: Art. 6 (1) (a) GDPR (consent). - Sending information (voluntary)
With your consent, we also use your information to send you information about our offers, such as newsletters, training courses, or special promotions.
This consent can also be given either as part of your registration or in person at the reception desk. Legal basis: Art. 6 (1) (a) GDPR.
2. Storage period and deletion
We only store your personal information for as long as is necessary to fulfill the respective purpose.
Once the purpose no longer applies – for example, after the event has ended and has been fully processed – the information will be deleted, provided that there are no legal retention obligations (e.g., under commercial or tax law) or consent given by you for further use (e.g., for future stays or sending information). Your information will not be further processed for other purposes.
3. Registration via our website
When you register using a form on our homepage, we collect the following personal information on the basis of Art. 6 (1) lit. b GDPR:
- First and last name
- Home or work address
- Billing address
- Date of birth or age
- Phone
Please note: You may only provide information if you are authorized to do so. Registering under someone else’s name without their knowledge is not permitted and is considered misuse. In such cases, we reserve the right to process the information for clarification purposes.
Contact forms and consent
The processing of voluntary information entered in forms will only take place with your express consent in accordance with Art. 6 (1) (a) GDPR.
You can revoke this consent at any time. An informal email notification is sufficient. Data processing that took place prior to revocation remains unaffected.
The information will be deleted if:
- you request its deletion,
- you revoke your consent, or
- statutory retention periods have expired.
4. Registration by telephone, email, or in person at reception
When you register by telephone, email, or in person at reception, we also process your personal information for the purpose of organizing, conducting, and billing events. Legal basis: Art. 6 (1) (b) GDPR.
If you voluntarily provide us with information about special requests (e.g., dietary requirements, room amenities, intolerances) or about the use of your information for future stays or sending information, this will also only be processed with your express consent. This consent can be revoked at any time.
Data processing on our websites
How do we collect your information?
Your personal information is automatically collected by our IT systems when you visit our websites. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). This information is collected automatically as soon as you visit one of our websites (wycliff.de, wycliff-magazin.de, integration-wycliff.de, karimu.de, spracheundkultur.org).
What do we use your information for?
Some of the information is collected to ensure that our websites are provided without fault. Other information may be used to analyze your anonymized user behavior (Matomo analysis tool). If contracts can be concluded or initiated using these websites, the information transmitted will also be processed for contract offers, orders, or other order inquiries.
General information on the legal basis for data processing on these websites
We have designed our websites in such a way that no personal information is stored unless you use a contact form on which you provide us with your information for a specific purpose.
Recipients of personal information
We do not disclose personal information to third parties without your consent or an existing legal obligation. This also applies to bookings made at our Karimu International Conference Center.
Storage period
Unless a more specific storage period is given in this privacy policy, your personal information that you have provided us with via a website will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your information will be deleted unless we have other legally permissible reasons for storing your personal information (e.g., tax or commercial law retention periods); in the latter case, deletion will take place after these reasons no longer apply.
Hosting
External hosting
The websites are hosted externally by imweb24. External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) (f) GDPR). We have designed our websites in such a manner that no consent is required, as we do not load any cookies or plugins that require consent.
Our host will only process your information to the extent necessary to fulfill its service obligations and will follow our instructions regarding this information.
We use the following host:
Designbüro imweb24
Kai Günther
Alte Hofstraße 7
63584 Gründau
We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal information of our website visitors is only processed in accordance with our instructions and in compliance with data protection laws and regulations, including the GDPR.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, our web pages use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the information you transmit to us cannot be read by third parties.
Newsletter data
If you would like to subscribe to the newsletter offered on one of our websites, we need your email address so that we can confirm in a double opt-in procedure that you are the owner of the email address provided and agree to receive the newsletter. No further information is collected or is collected on a voluntary basis only. We use newsletter service providers, which are described below, to process the newsletter.
Use of CleverReach for sending our newsletter
We use CleverReach, a platform for sending email newsletters, to send our newsletter to our subscribers. CleverReach is a service provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. By subscribing to the newsletter, you agree that your email address and other voluntarily provided information (e.g., name) will be transmitted to CleverReach for the purpose of managing and sending the newsletter.
CleverReach processes this information on our behalf and stores it on servers located within the European Union. The information is used exclusively for sending and evaluating the newsletter. It is not passed on to third parties.
For the purpose of sending the newsletter, CleverReach analyzes whether the emails are opened and links within the newsletter are clicked. This analysis serves to improve our newsletter and to tailor its content to your interests. The evaluation is anonymous, so no conclusions can be drawn about individual subscribers.
Data processing by CleverReach is based on your consent, which you give when you subscribe to the newsletter. You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link at the end of each email or by sending us a message to that effect. You can revoke your consent at any time with effect for the future.
Further information on data protection at CleverReach can be found in CleverReach’s privacy policy: https://www.cleverreach.com/de/datenschutz/
Storage period
The information you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Information stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist if this is necessary to prevent future mailings. The information from the blacklist will only be used for this purpose and will not be merged with other information. This serves both your interests and our interests in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage in the blacklist is limited to one year. You can object to storage if your interests outweigh our legitimate interest.
eCommerce and payment providers
Processing of customer and contract information
We collect, process, and use personal customer and contract information for the establishment, content design, and modification of our contractual relationships. We collect, process, and use personal information relating to the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 (1) lit. b GDPR.
The customer information collected will be deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods. Statutory retention periods remain unaffected.
FundraisingBox donation tool
On our website, we offer users the opportunity to make donations online. If a user takes advantage of this option, the information entered in the corresponding form is transmitted to us and stored. The form is provided by FundraisingBox (Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg). The information entered is therefore immediately forwarded to FundraisingBox and the technical service providers used by FundraisingBox to provide the form via an encrypted SSL connection in order to execute the donation order. The information is not passed on to other third parties.
Payments via the usual payment methods (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that „https://“ is displayed in the address line of your browser and by the lock symbol in your browser line. With encrypted communication, the payment information that you transmit to us cannot be read by third parties.
The following information is collected using the form: full name (last name, first name) with title (optional title and company name); address (street, house number, city, postal code, country); Email address; bank details (IBAN); donation details (donation recipient, amount, donation/purpose, donation receipt requested). Additionally for donations via credit card: card type, card number, CVV/CVC verification number, credit card expiration date.
If a donation receipt is requested, we process this information in order to issue and send the corresponding donation receipt. The information collected is necessary for the execution and implementation of the donation order. The user’s email address is required to confirm receipt of the donation order. The data will not be used for any other purposes. The legal basis for the processing of the data is Art. 6 (1) lit. b GDPR. When the form is submitted, the user’s IP address is also stored. We use the IP address to prevent misuse of the donation form, i.e., for the purpose of fraud prevention and to prevent unauthorized transactions that could harm third parties. The legal basis for processing the IP address is Art. 6 (1) lit. f GDPR.
The information will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of bank details, this is immediately after the donation amount has been transferred. After a donation receipt and a thank-you letter have been created and sent, if requested, the address information will be stored in accordance with tax law retention requirements, as will all other information entered, but will be blocked for any other use. The IP address collected during the sending process will be deleted after a period of seven days at the latest.
Users may object to the processing of their information at any time. However, it should be noted that if an objection is raised, the donation order can no longer be executed as requested. For further information, please visithttps://www.fundraisingbox.com/datenschutz/
Use of Apple Pay, Google Pay, PayPal, and Stripe for donations
We are pleased to offer you secure and convenient payment methods such as Apple Pay, Google Pay, PayPal, and Stripe for donations on our website. Below, we provide information about the processing of personal information in connection with the use of these payment services.
Purpose and legal basis of data processing
Your personal information is processed for the purpose of processing donation payments, issuing donation receipts (if desired), and complying with legal requirements. The processing serves the following purposes:
- the performance of a contract pursuant to Art. 6 (1) (b) GDPR (processing of the donation),
- the fulfillment of legal obligations pursuant to Art. 6 (1) (c) GDPR (e.g., tax retention obligations),
- your consent in accordance with Art. 6 (1) (a) GDPR in the case of voluntary contact or donor registration.
Type of data processed
- When using Apple Pay, Google Pay, PayPal, and Stripe for donations, the following personal information is processed:
- Payment information (e.g., donation amount, transaction ID, order number),
- Device and transaction data (e.g., IP address, device used, timestamp),
- Donor information, if entered (e.g., name, email address, if a donation receipt is requested),
- Tax data, if a donation receipt is to be issued.
- We do not receive complete payment details or credit card information, as these are processed directly by the payment service providers (Apple Pay, Google Pay, PayPal, Stripe).
Recipients of the information
To process the donation payment, information is transferred to the following recipients:
- Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA,
- Google Pay, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,
- PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg,
- Stripe, Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA,
- Payment service providers or financial institutions involved in payment processing,
- Tax authorities, if there is a legal obligation to report donations.
- For more information about data processing by Apple, please refer to Apple’s privacy policy:https://www.apple.com/legal/privacy/de-ww/.
- For more information about Google Pay, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.
- For more information about PayPal, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
- Further information on Stripe can be found in Stripe’s privacy policy: https://stripe.com/privacy.
Information transfer to third countries
Some of the above-mentioned payment service providers (Apple Inc., Google Pay, PayPal, and Stripe) are based in the US, which means that personal information may be transferred to a third country.
For information transfers to the USA, these companies use appropriate safeguards in accordance with Art. 46 GDPR, in particular standard contractual clauses of the EU Commission, to ensure an adequate level of data protection. These standard contractual clauses ensure the protection of the transferred personal information to the required level.
Storage period
Personal information is only stored for as long as is necessary to process the donation. Tax regulations may require storage for up to ten years.
Further information
- The payment services mentioned (Apple Pay, Google Pay, PayPal, and Stripe) use their own security mechanisms (e.g., two-factor authentication, transaction verification) to secure transactions. We do not have access to this security data.
- If you do not wish to use these payment services, alternative payment methods are available.
Instant transfer
This payment service is provided by Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter „Sofort GmbH“). Using the „instant transfer“ procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the „Sofortüberweisung“ (instant transfer) payment method, you will transmit the PIN and a valid TAN to Sofort GmbH, which can then log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and transfers the money to us using the TAN you provided. It will then immediately send us a transaction confirmation. After logging in, your transactions, overdraft facility, and the existence of other accounts and their balances will also be checked automatically. In addition to the PIN and TAN, the payment details you have entered and your personal information will also be transmitted to Sofort GmbH. Your personal information includes your first and last name, address, telephone number(s), email address, IP address, and any other data required for payment processing. The transmission of this data is necessary to verify your identity beyond doubt and to prevent fraud attempts. Details on payment by instant transfer can be found at the following link: https://www.klarna.com/sofort/.
VISA
This payment service is provided by Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter „VISA“). The United Kingdom is considered a third country with adequate data protection. This means that the United Kingdom has a level of data protection that is equivalent to that of the European Union. VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
For further information, please refer to VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Stripe (credit card donations via FundraisingBox)
Stripe Payments Europe, Limited c/o A&L Goodbody, IFSC, North Wall Quay, Dublin 1 („Stripe“).
All data required for payment processing is used by Stripe exclusively for the execution of payments and is transmitted securely using the „SSL“ procedure. Stripe is PCI DSS certified. By using credit card payment via Stripe, you accept Stripe’s privacy policy (https://stripe.com/de/privacy).
Contacting Wycliff e. V.
When you send us inquiries, your details from the inquiry form, including the contact details you provided there, will be stored by us exclusively for the purpose of processing your inquiry and for the event of follow-up questions. We will not pass on this data without your express consent.
Legal basis
Your information is processed on the basis of Art. 6 (1) lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f GDPR).
The information you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected by this.
Inquiries by email, telephone, or fax
If you contact us by email, telephone, or fax, your inquiry, including all resulting personal information (name, inquiry), will be stored and processed by us for the purpose of processing your request and for the event of follow-up questions. We will not pass on this information without your express consent.
This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.
The information you send us via contact requests will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.
Use of messenger services
Some Wycliff members use messenger services to pass on information from their areas of work or to communicate with each other. The official service of Wycliff e. V. is the Signal messenger service.
Images may only be shared with the consent of the persons depicted.
Signal
Purpose and legal basis of data processing
Signal is used for secure and encrypted communication with our customers, business partners, or other parties involved. The processing of personal information is based on the following legal basis:
- Art. 6 (1) (b) GDPR (performance of a contract), insofar as communication is necessary for the initiation or performance of a contract.
- Art. 6 (1) (f) GDPR (legitimate interest), as we have a legitimate interest in secure and data protection-friendly communication.
- Art. 6 (1) (a) GDPR (consent), if you contact us voluntarily and agree to the use of Signal.
Type of data processed
The following personal information may be processed when using Signal:
- Phone number
- Name (if specified in the profile)
- Communication content (messages, attachments, voice and video calls)
- Metadata (e.g., time and duration of communication)
Signal states that it does not store any communication content on its servers and uses end-to-end encryption.
Recipients of the data
Communication takes place directly via the servers of Signal Messenger LLC (USA). However, Signal does not permanently store any communication content or metadata and does not share any data with third parties. For more information, please refer to Signal’s privacy policy: https://signal.org/legal/.
Storage period
We do not permanently store any data from Signal communications. The data remains only on the respective end devices of the communication partners. If the user wishes to store chat history or attachments, this is their responsibility.
Data transfer to third countries
As Signal Messenger LLC is based in the USA, data may be transferred to a third country. However, Signal uses security mechanisms such as end-to-end encryption to protect the data. Should additional legal safeguards be necessary in the future, we will take appropriate measures, e.g., concluding standard contractual clauses of the EU Commission.
Security measures
We take appropriate technical and organizational measures to ensure the security of communications via Signal. Nevertheless, we would like to point out that no electronic communication is completely secure and that users should familiarize themselves with Signal’s privacy policy.
Data collection on our websites
Cookies
Our websites use so-called „cookies.“ Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing online donations).
Cookies have various functions. Our cookies are technically necessary, as certain functions of our websites would not work without them.
Cookies that are necessary for the electronic communication process, for the provision of certain functions requested by you (e.g., for the online donation option) or for the optimization of the website (e.g., cookies for measuring the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified.
We have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, or activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be restricted.
Analysis tools and advertising
Matomo
This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g., browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g., clicks, etc.).
The use of this analysis tool is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize its website.
We use IP anonymization for analysis with Matomo. This means that your IP address is truncated when you visit our website and thus before analysis, so that it can no longer be clearly assigned to you.
We have configured Matomo so that Matomo does not store any cookies in your browser.
Plugins and tools
Google Fonts and Font Awesome (local hosting)
These pages use Google Fonts, which are provided by Google, and Font Awesome to ensure a consistent display of fonts. Both are installed locally. There is no connection to Google or Awesome servers.
Audio- und VideokonfeAudio and video conferencesrenzen
Data processing
We use online conference tools, among other things, for our internal and external communication. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, your personal information will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/use to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other „context information“ related to the communication process (metadata).
In addition, the tool provider processes all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool providers’ servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below this text.
The conference tools are used to communicate with interested parties, friends, and donors or to offer certain services (Art. 6 (1) (b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your information stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
Zoom
We use Zoom. This service is provided by Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy policy:https://explore.zoom.us/de/privacy/.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://explore.zoom.us/de/privacy/.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/participant/5728.
Order processing
We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal information of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/participant/6474.
Order processing
We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal information of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Services of Wycliff e.V.
Handling of applicant data
We offer you the opportunity to apply for a job with us. This can be done either by email using the appropriate forms or via the online application form. Below, we provide information about the scope, purpose, and use of your personal information collected during the application process. We assure you that the collection, processing, and use of your information will be carried out in accordance with applicable data protection laws and all other legal provisions, and that your information will be treated as strictly confidential.
When you send us an application, we process the associated personal information (e.g., contact and communication data, application documents, notes taken during job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation) and—if you have given your consent—Article 6(1)(a) of the GDPR. Consent can be revoked at any time. Your personal information will only be passed on within our company to persons involved in processing your application.
If your application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) (b) GDPR for the purpose of implementing the employment relationship.
Data retention period
If we are unable to offer you a position, you decline a job offer, or you withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for verification purposes in the event of a legal dispute.
If it is apparent that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion.
Our social media presence
This privacy policy applies to the following social media presences:
- https://www.facebook.com/Wycliff.Deutschland/
- https://www.instagram.com/wycliff_de_/
- https://www.youtube.com/@WycliffDeutschland
Data processing by social networks
We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.
Social networks such as Facebook, X, etc., can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data processing operations relevant to data protection. These are as follows:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal information may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the information collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on social media portals. Therefore, further processing operations may be carried out by the operators of the social media portals depending on the provider. For details, please refer to the terms of use and privacy policies of the respective social media portals.
Legal basis
Our social media presence is intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
Responsible party and assertion of rights
When you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit.
You can assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via our social media presence will be deleted from our systems as soon as you request us to do so, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular retention periods—remain unaffected.
We have no influence on the storage period of your information stored by the operators of social networks for their own purposes. For details, please find the respective information directly with the operators of the social networks (e.g., in their privacy policy, see below).
Social networks in detail
We have a profile on Facebook. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we and Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings in your user account. To do so, click on the following link and log in:https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
We have a profile on Instagram. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, andhttps://de-de.facebook.com/help/566994660333381.
For details on how they handle your personal information, please refer to Instagram’s privacy policy:https://privacycenter.instagram.com/policy/.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal information can be found in YouTube’s privacy policy:https://policies.google.com/privacy?hl=de.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Your rights as a data subject under the GDPR
As a data subject, you have the following rights under the General Data Protection Regulation (GDPR) with regard to the processing of your personal information:
- Right to information: You have the right to obtain confirmation from us as to whether and which personal information we process about you. In the event of processing, you have the right to obtain information about this data and further information in accordance with Art. 15 GDPR.
- Right to rectification: If your personal information is inaccurate or incomplete, you may request that your information be rectified or completed in accordance with Art. 16 GDPR.
- Right to erasure: Under the conditions of Art. 17 GDPR, you may request the erasure of your personal information if, for example, the purpose of the processing no longer applies or you have revoked your consent.
- Right to restriction of processing: You have the right to request the restriction of the processing of your personal information in accordance with Art. 18 GDPR, e.g., if you dispute the accuracy of the data or the processing is unlawful.
- Right to data portability: Under certain conditions, you may request that we provide you with your personal information in a structured, commonly used, and machine-readable format or transfer it to another controller (Article 20 GDPR).
- Right to object: You have the right to object to the processing of your personal information if it is based on a legitimate interest or is used for direct marketing (Article 21 GDPR).
- Withdrawal of consent: If you have given us your consent to process your personal information, you can withdraw this consent at any time with effect for the future (Art. 7 (3) GDPR).
- Right to lodge a complaint: If you believe that the processing of your information violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), e.g., the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, 0211 384240, poststelle@ldi.nrw.de.
To exercise your rights, you can also contact us at any time. Our contact details:
Wycliff e. V.
Siegenweg 32
57299 Burbach
Phone: +49 2736 297-0
Email: datenschutz@wycliff.de