Impressum

Table of Content

1. General
2. Privacy policy
3. Newsletter/ Email Marketing
4. Online Booking Systems Introduction

General

Civil Action Network – Zivilgesellschaft für Frieden
Malzgasse 4/11
1020 Vienna
Austria
E-Mail: team@civilaction.net

ZVR-Number: 1299357938

Chairperson
Sonia Borkowicz
E-Mail: sonia.borkowicz@civilaction.net

Purpose of the association
The association, which is non-profit oriented, follows the purpose of promoting peace movements, the sustainable preservation of peace and a well-rounded education on the topic of peace. Thus, the association is charitable (=gemeinnützig) in the sense of §35 BAO.

Picture credits
The image rights are held by the Civil Action Network.

Additional online presences
This legal notice also applies to:

• https://www.instagram.com/civilactionnetwork/
• https://www.facebook.com/civilactionnetwork/

All texts are protected by copyright.

Privacy policy

Introduction and Overview

We have prepared this privacy policy (version 20.09.2024-122874296) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (briefly referred to as “data”) we as controllers — and the processors we commission (e.g., providers) — process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We comprehensively inform you about the data we process about you.

Privacy policies typically sound very technical and use legal jargon. However, this privacy policy aims to explain the most important things as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a user-friendly way, links to additional information are provided, and graphics are used.
We provide clear and simple language to inform you that we will only process personal data in the context of our business activities when a corresponding legal basis exists. This is certainly not possible when issuing very brief, unclear, and legally technical explanations, as is often standard online when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information you didn’t know before.

Scope

This privacy policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (data processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, event booking, donations, memberships) we operate
• social media presences and email communication

In short: This privacy policy applies to all areas where personal data is processed within the company through the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In this privacy policy, we provide transparent information about the legal principles and regulations, specifically the legal bases of the General Data Protection Regulation (GDPR), that allow us to process personal data.
Regarding EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL from April 27, 2016. You can, of course, read this General Data Protection Regulation of the EU online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions is met:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for bookkeeping. These generally contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to keep our website secure and operate it efficiently. This processing, therefore, constitutes a legitimate interest.

Other conditions, such as the performance of tasks in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless become relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, Austrian national law also apply, this is the Federal Act on the Protection of Natural Persons regarding the Processing of Personal Data (Data Protection Act), abbreviated as DSG.

Storage Duration

As a general rule, we only store personal data for as long as it is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has been fulfilled, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.

We will inform you about the specific duration of the respective data processing further below, if we have more information on this.

newsletter/ Email Marketing

Email marketing summary

👥 Audience: Newsletter subscribers
🎯 Purpose: Direct advertising via email, notification of system-relevant events
📓 Processed data: Data entered during registration, but at least the email address. More details can be found in the email marketing tool used.
🗂 Storage duration: Duration of subscription
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Email Marketing?

To keep you informed, we also use email marketing. When you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a part of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested.

If you want to participate in our email marketing (usually via newsletter), you generally just need to sign up with your email address. You will fill out an online form and submit it. It may also happen that we ask for your salutation and name so we can address you personally.

Registration for newsletters generally uses the “double opt-in” procedure. After signing up for our newsletter on our website, you will receive an email to confirm your subscription. This ensures that the email address belongs to you and that no one else has registered with a foreign email address. We, or the notification tool we use, will log each registration. This is necessary to prove that the registration process was legally valid. Usually, the time of registration, the time of confirmation, and your IP address are stored. It is also logged when you make changes to your stored data.

What data is processed?

When you subscribe to our newsletter through our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your salutation, name, address, and phone number may also be stored, but only if you consent to this data storage. The data marked as such is necessary for you to use the offered service. Providing this data is voluntary, but not providing it will result in being unable to use the service. Additionally, information about your device or preferred content on our website may also be stored. For more information on data storage when visiting a website, see the section “Automatic Data Storage.” We record your consent so that we can always prove compliance with the law.

Duration of Data Processing

If you unsubscribe your email address from our email/newsletter list, we may store your address for up to three years based on our legitimate interests, to be able to prove your previous consent. We will only process this data if necessary to defend ourselves against legal claims.

However, if you confirm that you have given us consent for the newsletter registration, you may request the deletion of your data at any time. If you permanently withdraw your consent, we reserve the right to store your email address in a suppression list. As long as you voluntarily subscribe to our newsletter, we will of course also retain your email address.

Right to Object

You may unsubscribe from the newsletter at any time. All you have to do is withdraw your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. Typically, you will find a link at the end of each email that allows you to unsubscribe from the newsletter. If the link is truly missing from the newsletter, please contact us via email, and we will promptly cancel your subscription.

Legal Basis

Sending our newsletter is based on your consent (Article 6 para. 1 lit. a GDPR). This means we can only send you a newsletter if you have actively signed up for it. We may also send you promotional messages if you have become our customer and have not objected to the use of your email address for direct marketing.

Information on specific email marketing services and how they process personal data is provided in the following sections, if available.

Online Booking Systems Introduction

Online Booking Systems Privacy Policy Summary and Overview

👥 Affected: Website visitors
🎯 Purpose: Improving user experience and organization
📓 Processed data: The data processed depends heavily on the services used. It usually involves IP addresses, contact and payment details, and/or technical data. More details can be found in the tools used.
🗂 Storage duration: depends on the tools used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is an Online Booking System?

To allow you to make bookings via our website, we use one or more booking systems. For example, appointments can be easily made online. A booking system is a software application integrated into our website that shows available resources (such as open time slots) and allows you to book and often pay online. You are probably already familiar with such booking systems from the hospitality industry. Nowadays, however, such systems are used in various industries. Booking systems can be used internally for us as well as for customers like you, depending on the tool and settings. In general, personal data from you is collected and stored.

Typically, the booking process works as follows: You find the booking system on our website, where you can book a service with a click of the mouse and provide your data. Often, you can also pay directly if there is something to be paid. You may also be required to fill out a form with various personal information. Please be aware that all the data you enter can be stored and managed in a database.

Why do we use an online booking system?

We view our website as a free service for you. You should receive helpful information and feel comfortable on our site. This includes an online service that makes booking appointments or services as easy as possible. Gone are the days when you had to wait for days for a booking confirmation via phone or email. With an online booking system, you can complete everything in just a few clicks and move on to other tasks. For us, the system also simplifies the management of all bookings and appointments. Therefore, we consider such a booking system to be absolutely beneficial for both you and us.

What data is processed?

We cannot specify exactly what data is processed in this general information text about booking systems. This always depends on the tool used and the features and capabilities included. Many booking systems offer additional features beyond the standard booking function. For example, many systems also have an integrated external online payment system (e.g., from Stripe, Klarna, or PayPal) and a calendar synchronization function. Accordingly, the amount of data processed varies depending on the features. Typically, data such as IP address, name, contact details, technical information about your device, and the time of booking is processed. If you make a payment in the system, bank details such as account number, credit card number, passwords, TANs, etc., are also stored and passed on to the respective payment provider. We recommend reading the privacy policy of the tool you are using to understand exactly what data is processed.

Duration of data processing

Each booking system stores data for different lengths of time. Therefore, we cannot provide specific information on the duration of data processing here. In general, however, personal data is only stored for as long as necessary to provide the services. Booking systems typically use cookies, which store information for varying periods. Some cookies are deleted immediately after leaving the site, while others can be stored for several years. You can learn more about this in our “Cookies” section. Please also review the privacy policies of the respective providers to determine how long your data will be stored in a specific case.

Right to object

If you have consented to data processing through a booking system, you always have the option and the right to withdraw this consent. Please always be aware that you have rights regarding your personal data, and you can exercise these rights at any time. If you do not want personal data to be processed, then no personal data should be processed. It is as simple as that. The easiest way to revoke data processing is through a cookie consent tool or other available opt-out features. You can also manage cookie storage directly in your browser, for example. Until your withdrawal, the lawfulness of data processing remains unaffected.

Legal Basis

If you have consented to the use of booking systems, the legal basis for the corresponding data processing is your consent. According to Article 6 para. 1 lit. a GDPR (consent), this consent forms the legal basis for the processing of personal data that may occur through booking systems.

Furthermore, we also have a legitimate interest in using booking systems, as this helps us improve our customer service and optimize our internal booking organization. The corresponding legal basis for this is Article 6 para. 1 lit. f GDPR (legitimate interests). However, we only use these tools once you have given your consent. We want to emphasize this again at this point.