Edit privacy policy

As soon as you use beabee, you should add the following passages to the privacy policy of your website:

beabee – without payment service provider

We use beabee (beabee.io) by CORRECTIV – Recherchen für die Gesellschaft gemeinnützige GmbH, Huyssenallee 11, 45128 Essen, for the administration of our donor and user data as well as the targeted integration of our community via digital communication channels and the creation of user profiles. For this purpose, beabee stores data such as email addresses and names. All data is stored in Germany.

beabee - with payment service provider

We use beabee (beabee.io) by CORRECTIV - Recherchen für die Gesellschaft gemeinnützige GmbH. Huyssenallee 11, 45128 Essen, for the administration of our donor and user data as well as the targeted integration of our community via digital communication channels and the creation of user profiles. For this purpose, beabee stores data such as email address, name, payment data such as payment method and date of membership conclusion. All data is stored in Germany.

Sendgrid

We use Sendgrid, a tool from Twilio Inc. to send automatic emails. Twilio is based in the USA. To provide the SendGrid services, Twilio uses data centres from Zayo and Centurylink in the USA. Therefore, there is a transfer of data to third parties in a non-secure third country. More information about Twilio's privacy policy can be found here:

https://www.twilio.com/legal/data-protection-addendum https://www.twilio.com/gdpr https://www.twilio.com/legal/security-overview

Stripe

Source: https://opr.vc/docs/payment/stripe/

We offer the option of processing the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510,Townsend St., San Francisco, CA 94103 (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we share the following data with Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. DSGVO).

Name of the cardholder E-mail address Customer number Order number Bank details Credit card details Period of validity of the credit card Credit card verification number (CVC) Date and time of transaction Transaction amount Name of the provider Place

The processing of the data provided under this section is not required by law or contract. We cannot process a payment through Stripe without the submission of your personal data. Stripe has a dual role as a controller and processor in data processing activities. As a controller, Stripe uses your submitted data to comply with regulatory obligations. This corresponds to Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b DSGVO). We have no influence on this process.

Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 DSGVO to comply with the provisions of data protection law.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

For more information on opt-out and redress options against Stripe, please visit: https://stripe.com/privacy-center/legal

Your data will be stored by us until the completion of the payment processing. This also includes the period required for processing refunds, claims management and fraud prevention. [A statutory retention period of [X] years applies to us in accordance with [§ 147 AO / § 257 HGB] for the following documents: [ ]].

Mailchimp

If you use Mailchimp in combination with beabee, you should also include Mailchimp in your privacy policy. You can find guidance from Mailchimp as well as a sample privacy policy here: https://mailchimp.com/resources/how-to-write-a-privacy-policy/.

Alternatively, you can use the following text as a reference (source: https://correctiv.org/kontakt/datenschutz/):

If you register for one of our newsletters, we process your personal data in order to send you the requested newsletters and to analyze your use of the newsletter. For analysis purposes, the emails we send contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. UTM parameters may also be used. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked.

In this way, we compile statistics on user interactions with newsletter campaigns, which we use to improve our services and, where applicable, for personalized distribution. We also store your consent data in order to be able to prove valid consent in the event of a dispute.

Processing is carried out on the basis of your consent and our legitimate interest in the purposes described above (Art. 6(1)(f) GDPR). You may withdraw your consent at any time with effect for the future.

For the distribution and analysis of newsletters, we use the technical service provider The Rocket Science Group, LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/). Mailchimp also processes personal data in countries outside the EU. However, Mailchimp is certified under the Data Privacy Framework, ensuring an adequate level of protection for the processing of personal data.

Your data will be processed for as long as you subscribe to our newsletter. After you unsubscribe, your data will be deleted. Consent data may be retained for a certain period of up to three years after the end of the year in which you unsubscribed, for the purpose of providing evidence.