Privacy policy
Status April 2023
With this privacy policy, mycelia gGmbH informs you about data processing on the company website as well as on project websites:
- https://mycelia.education
Data protection is of a particularly high priority for the management of the mycelia gGmbH. The use of the Internet pages of the mycelia gGmbH is possible without any indication of personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the mycelia gGmbH. By means of this privacy policy, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, the mycelia gGmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
1. terms used
Terms used in this Privacy Policy include, but are not limited to.
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Cookies
Cookies are small text files or similar technologies that are stored in your browser by the websites you have visited and can be read by them and other websites. They are used to make websites optimally usable or to provide the operator with certain information about the website, e.g. to design advertising according to interests. Cookies may contain personal data, such as a personal ID.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Legal basis
A permission to process personal data for specific purposes.
Receiver
Recipient means a natural or legal person, public authority, agency or other body to whom personal data is disclosed.
Responsible
Controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Web hosting
Web hosting is the provision of web space and the hosting of websites on the web server of an Internet service provider.
Consent
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
Third country
All countries outside the European Union.
Profiling
Any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
2. responsible body
As the operator of the website, we are the responsible party for your personal data. Our contact details are:
mycelia gGmbH
Eylauer street 14
10965 Berlin
E-mail: datenschutz@mycelia.education
3. personal data
You can visit our website without providing personal data. Insofar as personal data (such as name, address or e-mail address) is collected on our pages, this is done, as far as possible, on a voluntary basis. This data will not be disclosed to third parties without your express consent. If a contractual relationship is to be established between you and us, or its content is to be developed or changed, or if you submit an inquiry to us, we collect and use personal data from you to the extent necessary for these purposes (inventory data). We collect, process and use personal data to the extent necessary to enable you to use the website (usage data).
All personal data will be stored only as long as necessary for the stated purpose (processing of your request or processing of a contract). Retention periods under tax and commercial law are taken into account. By order of the competent authorities, we may provide information on this data (inventory data) in individual cases, insofar as this is necessary for the purposes of criminal prosecution, averting danger, fulfilling the statutory tasks of the constitution protection authorities or the Military Counter-Intelligence Service, or enforcing intellectual property rights.
4th Newsletter
If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with other people’s e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the data subject. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data will be used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. For this purpose, you will find a corresponding link in every newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 UWG.
Use of Brevo
Description and purpose: We use Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo is used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter will be stored on Brevo’s servers in Germany. If you do not wish to be analyzed by Brevo, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. For the purpose of analysis, the emails sent with Brevo contain a so-called tracking pixel, which connects to Brevo’s servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use Brevo to determine whether and which links in the newsletter message are clicked on. Optionally, links in the e-mail can be set as tracking links with which your clicks can be counted.
Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
Recipient: The recipient of the data is Sendinblue GmbH.
Transfer to third countries: Data is not transferred to third countries.
Duration: The data stored by you as part of your consent for the purpose of the newsletter will be stored until you unsubscribe from the newsletter and deleted from both our servers and Brevo’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
Revocation option: You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations already carried out remains unaffected by the revocation.
5. your rights
You have the following rights if the respective requirements are met:
Right of access, Art. 15 DSGVO
Right to rectification, Art. 16 DSGVO
Right to erasure, Art. 17 DSGVO
Right to restriction of processing, Art. 18 DSGVO
Right to data portability, Art. 20 DSGVO
Right of objection, Art. 21 DSGVO
Right to revoke consent given at any time, Art. 7 para. 3 DSGVO, whereby the revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 DSGVO).
6. google fonts
We embed Google fonts on our website (“Google Fonts”). You can find more information in Google’s privacy policy. You can find the opt-out option here.
Each time you visit our website, files are loaded from a server of the site https://fonts.google.com/ to display the texts in a certain font. In doing so, their IP address may be transmitted to the server and stored as part of the usual weblog. The further processing of this information is the responsibility of Google. We use Google Fonts to make the presentation of our website clearer and more user-friendly.
The legal basis for the processing of your personal data using Google Fonts is Art. 6 para. 1 lit. f) GDPR. The transfer of personal data to the USA takes place on the basis of standard contractual clauses (Art. 46 para. 2 lit. c) DS-GVO). These oblige Google to comply with EU data protection standards. The European Commission has approved these standard contractual clauses. You can access the standard contractual clauses on Google’s website.
7. disclosure of your data to third parties
Access to your personal data is technically possible for service providers and contractual partners with whom we cooperate for the operation of the website. To ensure the error-free operation of our web server and to guarantee server security, your unabridged IP address is stored for a period of 7 days, e.g. by our server service provider netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe. These external providers are required to use your personal information only to provide the services we request or otherwise in accordance with our instructions.
Except for the transfers mentioned above, we do not transfer, sell or market your personal data to third parties, such as other companies or organizations, unless you have given your express consent to do so or the transfer is necessary to fulfill our contractual obligations to you, the user of the website.
8. duration of data storage
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the deadline, we routinely delete the corresponding data if it is no longer required for the fulfillment of the contract. If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, we routinely block or delete the personal data in accordance with the statutory provisions.
9. management of the cookies used
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
Legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to manage the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal information, we will not be able to manage your consents.