PRIVACY POLICY

Roots MSB Communications gUG (haftungsbeschränkt), hereinafter referred to as “we / us”, respects your privacy. We are the data controller (“Controller”) under the EU General Data Protection Regulation (EU Datenschutz-Grundverordnung – DSGVO) (“GDPR”). We are committed to protecting your personal data. This privacy policy is intended to inform you as a visitor to this website about how we process your personal data, what data protection rights you have and how the law protects you.

We regularly review our privacy policy. This privacy policy is currently valid and has the status: June 2024.

Name and contact details of the data controller

This data protection information applies to data processing by:

Roots MSB Communications gUG (haftungsbeschränkt)

represented by Fily Mihan and Naima Nazir

Bochumer Street 1, 10555 Berlin

(hereinafter referred to as the "Controller")

The Controller can be contacted at the above address or at:

Phone: +49 (0)15254719112

E-mail: info@rootsberlin.com

General information

We take your data protection seriously and treat your personal data confidentially in accordance with current data protection regulations.

Data security

We secure the data collected when you visit and use the functionality of our website using SSL or TLS encryption. We also take appropriate security precautions to protect your data.

No automated decision-making (including profiling)

We do not intend to use the personal data collected from you for automated decision-making (including profiling).

Retention and deletion of personal data

Unless an explicit retention period is specified below, we will retain your personal data for as long as necessary to fulfil the purpose or purposes for which it was collected and to comply with applicable laws or as permitted by your consent.

Accordingly, we will only retain personal data for as long as we need to in order to comply with a legal or regulatory obligation or for the defence against or enforcement of potential claims.

Transfer and collection of personal data in third countries

The personal data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") as long as it is a country that has been assessed by the European Commission as providing an adequate level of protection for personal data.

For data transfers to the USA, the European Commission has adopted an adequacy decision for the data protection agreement "EU-U.S. Data Privacy Framework".

Alternatively, for transfers from the EEA to countries not categorised as adequate by the European Commission, we have put in place appropriate safeguards, such as agreeing the standard contractual clauses adopted by the European Commission with the recipients of the data, to protect your personal data.

You can learn more and view a copy of the standard contractual clauses here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Website

Categories of personal data

When you use our website, we may collect the following categories of personal data:

Usage data: When you visit our website, a log data record (so-called "server log files") is temporarily stored on our web server.

Contact information: If you use the contact form on the website, we process the data transmitted (e.g. surname and first name, e-mail address, the time of transmission and, if applicable, IP address as well as other personal data relating to your request that you voluntarily provide to us).

Use-related data

When you visit our website, we collect data about access to the site and save it as server log files. The following data is logged in this way:

the websites visited,
the name and address of the requested content,
the date and time of the query,
the amount of data transferred,
the access status (content transferred, content not found),
the description of the web browser and operating system used,
the referral link, which indicates from which website you have accessed our website,
the IP address of the requesting computer.

The use-related data is processed for statistical purposes and helps us to improve the quality of our website.

We process the aforementioned data for the following purposes:

to ensure a good connection setup (stability and security of the connection) and convenient use of the website,
to evaluate the system security and stability, and
for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Our legitimate interest in data processing arises from the aforementioned purposes. We use your personal data under no circumstances to draw any conclusions about your person.

We reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

Provider

We host our website with the website provider Wix.com (“WIX”). The provider is WIX.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel. WIX is a tool for creating and hosting websites. We use WIX to analyse usage behaviour, visitor sources, region and visitor numbers when you visit our website.

WIX stores cookies on your browser that are required to display the website and to ensure security (necessary cookies). The data collected via WIX can be stored on various servers worldwide. The WIX servers are located in the USA, among other places.

WIX participates in the EU-U.S. Privacy Shield Framework for data transfers to the U.S. and is certified under the EU-U.S. Data Privacy Framework. For details, please refer to the WIX privacy policy: https://de.wix.com/about/privacy

The use of WIX is based on Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If and insofar as consent to the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) has been requested and granted, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 of the Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG) ("TTDSG"). You may withdraw your consent at any time. We have concluded an agreement with WIX on data processing for the use of the aforementioned service (Art. 28 GDPR).

This website use cookies. These are small text files that are stored on your end device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website. Common browsers offer the setting option of not allowing cookies. However, completely deactivating cookies may limit the functionality of our website.

How do we use cookies?

We use cookies on our website to statistically record the use of our website and to improve your user experience.

What types of cookies do we use?

We currently only use cookies that serve the functionality of recognising you on our website and remembering your previously selected settings. This may include your preferred language and your locations.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for disclosure within the meaning of Art. 6 para. 1 sentence 1 lit. c GDPR, or
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of the contact form

We collect your personal data to answer your queries submitted via contact forms provided on our website. This requires you to provide your identity and contact information (name and email address) in order for us to analyse your request and to respond to your questions. You may provide us with additional information voluntarily in the optional field provided.

The personal data collected by us through the contact form will be automatically deleted on the website contact form immediately after the enquiry has been submitted. The contact form data is retained by us in order to respond to your enquiry. We will delete the data collected when the retention of the data is no longer necessary in order to process your request, or we will restrict the processing where a legal obligation bound us to retain the data.

Contacting via e-mail

We collect your personal data if you contact us via e-mail and store the information you provide in order to respond to your enquiry.

We will delete the data as soon as it is no longer necessary to store it, or restrict its processing if there are legal obligations to retain it. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. If the purpose of your contact is the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Social media interaction

Social media plug-ins

We invite you to provide and share your comments on our website content via social media platforms, which may involve the use of plug-ins, buttons and other social media elements. The terms plug-ins, buttons and social media elements are used interchangeably to refer to the linking of the functionality of the social media platforms with our website.

A marketing cookie is set by the plug-in to obtain certain information about your current browsing session, e.g. to inform the social media platform provider that you have visited our website. The social media element will be activated upon your consent in the cookie settings, a direct connection to the provider's server may be established. The social media platform provider may receive information that you have visited our website and collect your IP address.

The social media platform provider may also associate your visit to our website with your user account if you are logged into your social media account (e.g. Instagram) at the same time.

The activation of the plugin is based on your consent to the use of cookies. The legal basis is your consent within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TTDSG. You may revoke your consent at any time with effect for the future.

Instagram

We use the social media button and further features of the social media platform Instagram on our website. This functionality is provided by Meta Platform Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Ireland"). When clicked, the button establishes a direct connection between your device and the Instagram server. Instagram will then receive information about your visit on our website. This allows Instagram to associate your visit to our website with your user account. Please note that we have no knowledge of the content or the transmitted data or its use by Instagram.

To the extent that personal data is collected on our website using the tool described here and transferred to Meta Ireland or Instagram, we and Meta Ireland are jointly responsible for the data processing (joint controller in accordance with Art. 26 GDPR).

The joint controllership is limited exclusively to the collection of the data and its transmission to Meta Ireland or Instagram. Any data processing carried out by Meta Ireland or Instagram after the transfer is not part of our joint responsibility. Our joint obligations have been set out in a joint conroller agreement. You can learn more about the joint controller agreement and the use of your data here: https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing the data protection information when using Instagram and for the secure implementation thereof on our website in accordance with the data protection laws.

Meta Ireland is responsible for the data security of the Instagram products. You can assert data subject rights (e.g. requests for information) regarding your data processed by Meta Ireland or Instagram directly with Meta Ireland. If you assert your data subject rights with us, we are obliged to forward them to Meta Ireland.

You can learn more about the laws governing the use of Instagram products in Instagram's privacy policy here: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Linktree

We use Linktree on our Instagram presence, a service from Linktree Pty Ltd, Melbourne Australia.

We use Linktree to display our links in the Instagram profile bundled on a website. Linktree receives information about your usage data when you click on the link and can collect information on user profiles and use it for analysis purposes.

The legal basis for data processing is our legitimate interest in the presentation of the links, Art. 6 para. 1 sentence 1 lit. f GDPR.

You can learn more on data processing on Linktree's privacy policy here: https://linktr.ee/s/privacy/

Events

We use the Google Forms function, which is part of a Google Workspace programme package, which we have integrated into our Instagram profile, for registration to our events. Google Forms is part of the Google Workspace programme package and is a service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By registering for an event, you consent to the collection, storage and use of your personal data. We collect and process the data you enter in the registration form when you sign up for the event. These are your e-mail address, your name and your Instagram handle (i.e. a user name assigned to you individually). This data is required in order to register for our events. Following the event, we may send you additional information and a survey on the events held, provided you have given us your consent.

Google may act as a processor for Google Workspace, in this context Google's provisions on data processing apply, you can learn more on the processor terms here: https://business.safety.google/processorterms and on data processing in general from Google's privacy policy here: https://policies.google.com/privacy

Data processing for the purposes of event registration is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke this consent at any time with effect for the future. We retain your personal data for the purposes of organising the event and in order to send you additional information material on the subject of the event and to invite you to provide feedback. The registration data will be stored for the duration of and one month after the end of the event.

Donations

We invite you to support our work by becoming donors. For this purposes we have integrated the PayPal donation button on our website and use a personalised PayPal.me link to collect donations. You need a PayPal account to send a donation via our PayPal.me link. By clicking on the donation button you will be forwarded directly to the PayPal website. We do not store any payment data ourselves. Your payment data will be processed directly by PayPal (Europe) S.à r.l. et Cie, S.C.A, 283, route d'Arlon, L-1150 Luxembourg. You can learn more on data processing from PayPal’s privacy policy here: https://www.paypal.com/webapps/mpp/ua/privacy-full

When you make a donation, we will issue a donation receipt upon your request and otherwise, if we are legally obliged to do so, and process your personal data (full name and address) for this purpose. The legal basis for data processing is our legitimate interest in the donation option, Art. 6 para. 1 sentence 1 lit. f GDPR. Where a donation is processed, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. The donations are voluntarily, we retain your personal data for the duration of the statutory retention period where a donation is processed.

Third-Party Links

This website contains third-party links to websites of other organisations. These organisations may have their own privacy policies and we recommend that you consult them before disclosing personal data. We assume no responsibility or liability for third-party websites or websites of other organisations.

Your Rights

There are several rights you have under the GDPR to access and control your personal data, these include the right to request access to, correction or deletion of your personal data; notification of recipients of correction or deletion of processing your personal data or to object to processing; and the right to data portability (meaning you may request the transfer of your personal data). If you wish to exercise any of the above rights, please contact us at info@rootsberlin.com. You also have the right to lodge a complaint with your local privacy authority in your country at any time. You can learn more on your right to lodge a complaint and find contact information of the authority responsible here: https://edpb.europa.eu/about-edpb/board/members_de.

We would appreciate the opportunity to address any of your concerns personally with us. If you wish to do so, please contact us in advance.