gegengewalt-inkirche.de

Counselling

Counselling

Privacy Policy

Safety

Web Privacy Policy of the Office for Women’s Pastoral Care at the German Bishops’ Conference

The Office for Women’s Pastoral Care at the German Bishops’ Conference (hereinafter referred to as the ” Office for Women’s Pastoral Care”), as the operator of this site, takes the protection of your personal data very seriously. We treat your data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
The following privacy policy applies to the website https://www.gegengewalt-inkirche.de/, https://www.gegengewalt-anfrauen-inkirche.de/ and https://www.gegengewalt-anmaennern-inkirche.de/.

Information obligations when collecting personal data (§ 15 KDG)

For the Office for Women’s Pastoral Care as the responsible unit of the Catholic Church, the European Data Protection Regulation (EU GDPR[1]) does not apply, but only Canon Law (Art. 91 EU GDPR in conjunction with Art. 140 GG[2]. Art. 140 GG[2], Art. 137 para. 3 WRV[3], § 3 para. 1 lit. c) KDG). As a result, all data is processed in accordance with the requirements of the Church Data Protection Act (KDG) of the Catholic Church in Germany, which came into force on 20.11.2017.

Following the requirements of § 15 KDG, we inform you how we collect and process your personal data in the context of the use of our counselling platform in accordance with the law. Since the Women’s Pastoral Care Office collects all data itself, we are not subject to any further obligation to provide information in accordance with § 16 KDG with regard to data collection by third parties.

1 .  Scope, purpose and legal basis of data processing

(§ 15 Abs. 1 lit. c) and d) KDG

a.  Visit of our counselling portal

With our counselling platform, we would like to support people who have experienced violence within the Church as adults. In connection with our counselling platform, which can be accessed at https://www.gegengewalt-inkirche.de/, https://www.gegengewalt-anfrauen-inkirche.de/ and https://www.gegengewalt-anmaennern-inkirche.de/, we process personal data only insofar as this is necessary for the provision, use and optimisation of our platform and for the protection of ecclesiastical and legitimate interests (§ 6 para. 1 lit. g) KDG). In addition, we only process your data in connection with our counselling platform insofar as this is permitted by legal provisions (§ 6 para. 1 lit. a) KDG) or you have expressly consented to this (§ 6 para. 1 lit. b) KDG).

b. Processing of personal data via our counselling services

The database of the counselling platform is based on the Tau-Work-Together cloud database of rocom GmbH, Eichenstr. 8a, 83083 Riedering. All personal data processed here is hosted in a German data centre. 8a, 83083 Riedering.

The data transmission is encrypted according to the state of the technology via the TSL 1.3 protocol. Client separation is guaranteed. An order processing contract has been concluded with the operator.

c.  Tracking – server log files on our website

Computer-related data is logged and stored for the purpose of identifying and tracking unauthorised attempts to access our web server. User profiles are not created. No data is passed on to third parties, not even in excerpts. Depending on the access protocol used, the log data record (server log files) contains information with the following content:

The IP address is stored anonymised

The log data is stored on the legal basis of § 6 para. 1 lit. f) in conjunction with lit. g) KDG. This data is only evaluated in the event of unauthorised access. The evaluation is carried out by employees of the Women’s Pastoral Care Office as well as by technical service providers and administrators of the Catholic Church. 1 lit. f) i.V.m. lit. g) KDG.  

d.  Cookies

Our counselling platform uses cookies. Cookies are small text files that are stored on your end device and saved by your browser. They do not cause any damage to your end device and do not contain viruses. Cookies serve to make our website more user-friendly, effective and secure.

Most of the cookies we use are only used for the technical purpose of delivering the pages and are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to identify your browser the next time you visit.

Most browsers are set to automatically accept cookies. You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. This makes the use of cookies transparent for you.

Technically necessary cookies, which are absolutely necessary for the operation or display of the portal, are stored on the legal basis of § 6 para. 1 lit. f) in conjunction with lit. g) KDG. Such cookies are stored in the interest of a technically error-free and optimised provision of our portal.

All other cookies (e.g. those from third-party providers) are stored on the legal basis of § 6 para. 1 lit. b), § 8 KDG if you give us your consent to do so. When you access the counselling platform, an opt-in checkbox appears in which you can declare your consent to the storage of cookies. You can revoke your consent at any time with effect for the future by calling up the cookie settings again and using the opt-out checkbox there. The revocation only affects the future storage of cookies, but not the cookies already stored – with your consent. You must remove these yourself manually or via the automatic browser setting.

e.  Integration of services for statistical evaluation

The constant optimisation of our platform is very important to us. Therefore, computer-related data is stored in order to record – anonymised – trends, statistically evaluate access data on our platform and to help develop and improve our platform. The anonymised statistical evaluation is carried out using a statistics tool that is part of our portal’s software. Anonymised data is NOT personal data and is therefore not subject to data protection regulations.       

f.  Google Web Fonts

Our counselling platform uses so-called web fonts, which are provided by Google LLC (“Google”), for the uniform display of fonts. When you call up the page, your browser establishes a connection to our web server. The Google Fonts are stored locally there, so that no data is sent to Google. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. No personal data is processed through the use of the web fonts. If your browser does not support web fonts, a standard font will be used by your computer.

g.  Registration for the virtual counselling centre

You can create a user account with us by registering so that we can send you notifications by e-mail of changes in the status of enquiries or appointments. The data you provide will only be used for correspondence with you. The data stored within the scope of the registration will not be passed on to third parties as long as this is not necessary for the fulfilment of the purpose of the contract, not even to the members of the counselling team.

The following data is stored during registration:

In addition, we may collect further data for anonymous statistical evaluation during the counselling process.

Before sending the registration, your consent according to § 6 para. 1 lit. b) KDG will be obtained and your attention will be drawn to this data protection declaration.

The contents of the communication are subject to confidentiality. The user can terminate the contact at any time and thus delete the account and all associated data. The account and data will also be deleted if the contact is terminated by the counsellor. If the contact has not been explicitly terminated by one of the parties involved, the account and data will be automatically deleted 2 years after the last activity.

2.  Recipients / Categories of Recipients of Personal

Data (§ 15 para. 1 lit. e) KDG)

The Recipient of the Data associated with the use of the website is exclusively the Office for the Women’s Pastoral Care of the German Bishops’ Conference. Your data will be treated confidentially and will not be passed on to third parties, neither to recipients within Germany or the European Union, nor to recipients in third countries. The data will not be used commercially, nor will profiling be carried out.

However, we may use external service providers who process personal data on our behalf. These are considered as order processors within the meaning of § 29 KDG. When data is passed on to these partners, an order processing contract is therefore always concluded in accordance with the legal requirements in order to ensure the control and protection of the data.

In the course of operating the advisory portal, we commission rocom GmbH, Eichenstr. 8a, 83083 Riedering which may gain access to your anonymised data in the course of its activities, insofar as they require the data to perform their respective services. They have undertaken to comply with the applicable data protection regulations vis-à-vis us. An order processing contract has been concluded in accordance with Art. 29 KDG.”

The Office for Women’s Pastoral Care will transmit personal data to institutions (authorities) entitled to receive information if the Catholic Church is obliged to do so by legal provisions or by court order.

3.  Duration of Storage and Deletion of Personal Data

(§§ 15 Abs. 2 lit. a), 19 KDG)

As a matter of principle, no personal data is recorded during counselling sessions. All communication is anonymised. Personal data can only be collected if the user accidentally logs in with her real name. In this case, we terminate the communication and ask the user to log in anonymously. Personal data processed in this context will be deleted immediately.

4.  Your Rights as Data Subject

(§ 15 Abs. 2 Nr. 2 lit. b) KDG)

The Data Protection Act of the Catholic Church in Germany gives individual citizens various possibilities to check and influence the handling of their personal data themselves.

As a person affected by the processing of personal data, you have the following rights:

a.  Right to information according to § 17 KDG § 17 KDG

If personal data is processed, you can request information about this personal data and the following information free of charge at any time in accordance with § 17 para. 1 KDG:

We will provide a copy of the personal data that is the subject of the processing. For any additional copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, the information must be provided in a commonly used electronic format unless you specify otherwise. The right to receive such a copy must not affect the rights and freedoms of other persons.

b.  Right to rectification according to § 18 KDG § 18 KDG

You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

c.  Right to deletion according to § 19 KDG § 19 KDG

Details on the right to deletion can be found above under point 3 of this data protection declaration.

d. Right to restriction of processing according to § 20 KDG § 20 KDG

Sie haben gem.Pursuant to § 20 para. 1 KDG, you have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:

Where processing has been restricted in accordance with the above conditions, such personal data shall – apart from being stored – only be processed with the consent of the data subject or for the purpose of asserting legal claims or exercising or defending rights or protecting the rights of another natural or legal person or for reasons of important ecclesiastical interest.

e.  Right to data portability according to § 23 KDG § 23 KDG

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that

When exercising the right to data portability, you have the right to obtain that the personal data be transferred directly from one controller to another controller, where technically feasible. This right does not apply to processing necessary for the performance of a task carried out in the interest of the Church or in the exercise of official authority vested in the controller.

f.  Right to object to processing pursuant to § 23 KDG

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of § 6 para. 1 lit. f) or g) KDG. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting legal claims or exercising or defending rights.

g.  Right to revoke a given consent to the processing of

personal data according to

§8 para. 6, § 15 para. 2 lit. c) KDG

If the processing of personal data is based on your consent, you have the right to revoke your consent at any time without giving reasons. The revocation is only valid for the future. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If you wish to exercise any of the rights just described, please contact the address given in point 5.

5.  responsible unit (§ 15 para. 1 lit. a) KDG)

Responsible for the processing of personal data on this counselling platform within the meaning of the Church Data Protection Act is the:

The responsible body according to § 4 No. 9 KDG as well as other data protection regulations is the

Office for Women’s Pastoral Care of the German Bishops’ Conference
Carl-Mosterts-Platz 1
40477 Düsseldorf

Telefon: (02 11) 975331-51
E-Mail: info(a)frauenseelsorge.de

complete provider identification: http://www.frauenseelsorge.de

Legal representative:

Frauenseelsorge in den deutschen Diözesen e.V.
c/o Arbeitsstelle für Frauenseelsorge der Deutschen Bischofskonferenz
Carl-Mosterts-Platz 1
40477 Düsseldorf

Telefon: (02 11) 975331-51
E-Mail: info(a)frauenseelsorge.de

6.  Legal entity:

(§ 15 Abs. 1 lit. b) KDG)

Dirk Fromm
Lawyer, certified Data Protection Officer and Data Protection Auditor (TÜV® PersCert)
(TÜV® PersCert)
Information Security Officer – ISO/IEC 27001 (TÜV® PersCert)

CE21 – Gesellschaft für Kommunikationsberatung mbH
Bergfeldstraße 11, 83607 Holzkirchen

Information via NRW Office:
Donnerbachweg 1, 53332 Bornheim

Tel.: +49 89 7167211-30
Fax: +49 2227 904541
E-Mail: dirk.fromm@ce21.de

7.  Right to complain to the competent Supervisory Authority

(§ 15 para. 2 lit. d) KDG).

Pursuant to § 48 KDG, every Data Subject has the right to lodge a complaint with the Church’s Data Protection Inspectorate, without prejudice to any other legal remedy, if he or she is of the opinion that the processing of personal data concerning him or her violates the provisions of the KDG or other data protection regulations. Competent ecclesiastical Data Protection Inspectorate: Catholic Data Protection Centre – public corporation

Katholisches Datenschutzzentrum – Körperschaft des öffentlichen Rechts    
Brackeler Hellweg 144 
44309 Dortmund           

Telefon: 0231/13 89 85-0           
Telefax: 0231/13 89 85-22          
E-Mail: info@kdsz.de

www.katholisches-datenschutzzentrum.de

These contact details are therefore relevant for all questions of a Data Protection nature relating to this advice portal as well as for all Data Protection claims on your part.

8.  safety

a.  Technical and organisational measures

The Office for Women’s Pastoral Care uses technical and organisational measures within the meaning of § 26 of the German Data Protection Act (KDG) to protect the data you have provided against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments. We have obliged all employees to maintain data secrecy in accordance with § 5 KDG. In order to ensure compliance with data protection regulations, our employees are regularly trained by our Data Protection Advisor. It is also ensured that the data protection regulations are also observed by the external service providers involved.

b.  E-Mail

Email communication within the scope of counselling is always anonymised and encrypted. We recommend using your anonymised email address for support messages (error messages, faults). If you send us a support email, your email address will only be used for technical support. An encryption procedure is not used. The email traffic takes place via the unsecured internet. We would like to point out that the internet harbours many risks of attack and that absolutely secure transmission cannot be guaranteed. Complete protection of data against access by third parties is not possible. Therefore, please do not send us any confidential or strictly confidential data by email.

c.  Transport Layer Security (TLS)

For reasons of security and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator, our counselling platform uses state-of-the-art TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you transmit to us cannot be read by third parties.

9. links to other websites

Our counselling platform contains links to other websites. We have no influence whatsoever on their content and on whether their operators comply with the applicable Data Protection Act. For the purpose and scope of any data collection, further processing and use of the data by the respective third party that operates the corresponding website, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Data Protection Information of the third party. We also have no influence whatsoever on the current and future design or the authorship of the content of the linked pages. We hereby declare that at the time the links were created, no illegal content was identifiable on the linked pages. We expressly distance ourselves from all content that may be relevant under Criminal Law or Liability Law or that may offend common decency. For illegal, incorrect or incomplete content and for damages resulting from the use or non-use of other websites, the provider of the site to which reference was made shall be solely liable.

10.  definitions

The legislator requires that personal data be processed in a lawful manner, in good faith and in a transparent manner that is comprehensible to the data subject. Our data protection declaration should therefore be easy to read and understand for any interested person. To ensure this, we would like to explain the terms used last.

Anonymisation/pseudonymisation

Anonymised data is not personal data. It is technically impossible to draw conclusions about the person. Our counselling is based on this principle. We do not use pseudonymisation. Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.

Person affected

Data subject is any identified or identifiable natural person whose personal data are processed by us. In principle, our portal is structured in such a way that no personal data is processed.

Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Person responsible for the processing

The person responsible for processing is the natural or legal person, authority, institution, ecclesiastical body within the meaning of § 3 KDG or other entity which alone or jointly with others determines the purposes and means of the processing of personal data.

Processor

A processor is a natural or legal person, authority, institution, Church or other entity that processes personal data on behalf of the person responsible.

Recipient

Recipient means a natural or legal person, public authority, agency, ecclesiastical entity or other entity to whom personal data is disclosed, whether or not a third party.

Third party

Third party means a natural or legal person, public authority, agency, ecclesiastical entity or other entity other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor.

Consent

Consent shall mean any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

11.  final clause

Due to the further development of our counselling platform or the implementation of new technologies, it may become necessary to amend this Data Protection Declaration. We reserve the right to change this Data Protection Declaration at any time with effect for the future. The version available at the time of your visit always applies.

Further information, e.g. on copyright, can be found in the imprint.

____________________________________________________________________

[1] The European General Data Protection Regulation 2016/679 (EU GDPR) entered into force on 25 May 2018 and seamlessly replaced all old German Data Protection Laws on that day.

© 2023 – Office for Women’s Pastoral Care of the German Bishops’ Conference