The authors of this site is responsible for all privacy matters and are also the “controller” fo the data under the provisions of the General Data Protection Regulation (GDPR).
We will use your personally identifiable information (or “data”, in the following) only under the strict regulations of the GDPR and in the ways explained stated in this policy.
You will find our full contact information of the responsible person(s) in our imprint; and you can quickly get in touch concerning privacy matters by using the email address firstname.lastname@example.org.
You have the following rights under the GDPR. By contacting us through any of the above-mentioned channels you can:
- Get information about what data is stored on you and how we process and use it
- Have us correct data we have on you, if it is incorrect
- Request that we delete any data we have on you, or
- Block access to your data if we need to retain it for legal reasons
- Object to the processing of your data
If you gave us explicit consent to use your data for a particular purpose you can at, any time, revoke that consent for any future use.
You also have the right to your supervisory authority if you think that something is amiss. You can contact the “Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin”, or the supervisory authority of your home country or region, if you live in the EU.
What data do we collect, and why?
In general, we will only collect data that it necessary for us to operate and improve this website and ensure the safety and integrity of our systems.
We will only collect additional from you only if that is necessary for a specific purpose.
In the following we will list what types of data we collect, how and when we collect it, and for which purpose.
Deletion and blocking of your data
In general, we only retain your data only as long as we need it for a specific purpose. If we cannot delete your data due to legal reasons we will block access to your data so that special privileges and authentication are required to access it.
Below you’ll find more details for each type of data.
Data necessary to operate this web site
Once you access any website, some data including your IP address is sent to the server(s) that contain the content of the web site. Your IP address can, under certain circumstances, be used to identify you as a person.
As this data transfer is necessary for the web site to work at all, so it is in our legitimate interest (Art. 6 (1) f GDPR) to process it.
This data is shared with all service providers (“processors” under the GDPR) who are involved in providing content for this web site.
- Our web hoster. This site is hosted with Netlify. They will receive only your IP address, and use it only to send you the pages. We have signed a Data Processing Addendum with them, that governs how they will use your data.
- Maps on this page are provided by Mapbox. They use the data only within the terms of the Data Processing Agreement that we have with us in order to provide embedded maps.
Objecting the use of your data: Since processing the data is neccessary for the web site to function at all, you can only “object” to the use of the data by not visiting it. (There are ways to mask your IP address (such as VPNs), but they are beyond the scope of this policy).
Deletion of the data: This type of data is normally deleted shortly within a few hours or days within using the site. With our current setup any log files that may are only accessible by technical staff of our processors – we ourselves do not have access.
We use Google Analytics to improve the usability of this web site and to find out which content our readers like most. Google Analytics is a service of Google Inc., and we have a data processing agreement with them in order to make sure that they only use your information as directed by us – they are a “processor” under the GDPR.
Analytics will create a pseudonymous user profile – we keep the profile pseudonymous by telling Analytics to shorten your IP address before processing it. In this way you cannot be identified as a person.
Using those profiles to improve our web site is in our legitimate interest (Art. 6 (1) f GDPR).
We do not use third-party-tracking. All Analytics data collected on this site is used only by us.
Objecting to the use of Google Analytics: If you prefer not to be tracked, you have several methods of stopping it:
- Enable the Do Not Track feature of your browser. We will honor that and not track you if it is active.
- Click this opt-out link. This will set a cookie in your browser to prevent Analytics from tracking you, but only on our site. You have to repeat this for all of your browsers/devices and whenever you clear your browser cookies.
- Download the Analytics opt-out plugin for your browser. This allows you to control Analytics on all pages that you visit.
You can also consult the Analytics Privacy Terms to learn more.
Deletion of your data: Your Google Analytics data is automatically deleted 14 months after your visit. You can also ask us to manually delete your profile, but you would need to provide the Analytics ID from the respective cookie
Cookies are small text files that are stored on your browser and sent back to the web site when you visit again. This can be used to recognize a certain user.
Commenting, contacting us and emails
When you use our comment or contact form, or send us an email, we will collect your name, email address and the data contained in the message(s) you sent us. You may also indicate if you would like us to publish your comment/opinion or not.
We will use this data to contact you regarding your request and to publish your comment/opinion on our site if you allow us to do so. We may use this data as it is in our legitimate interest (Art. 6 (1) f GDPR) to answer user requests and provide additional opinions to to our readers.
Processors that we use for this data:
Deletion of your data: Data for published comments will be stored as long as the comment is public, and delete afterwards unless were are legally obliged to store it longer. Private correspondence will be deleted upon request, or after 24 months, unless we have to retain it due to legal obligations.
Note that we will not usually delete published user content unless you have an important reason for asking us to do so. You may also ask us to remove publicly visible information about you from comments.
Objecting to the use of this data: You can chose to not send us any messages, in which case we will not process it.
When you subscribe to our newsletter, you will receive regular updates and news about theurbananimals.com. Your email will not be used for other purposes.
By signing up, you give us permission to store and use your email address for that purpose and to use tracking pixels and -links to see wether you’ve opened the mail or clicked any links (Art. 6 (1) a GDPR).
Objecting to the use of this data: You can unsubscribe to the newsletter at any time, by clicking the unsubscribe link in the mail. We will not send you any further updates after you unsubscribe.
You can prevent being tracked by not loading any images in the newsletter, and not clicking any links.
Deletion of your data: You can ask us to delete your information at any time. Obviously, we’ll also have to unsubscribe you from the newsletter in that case.
However, we need to retain the information that you gave us consent in the first place as this is something that we may have to prove under the GDPR.
What data is transferred to third countries outside of the EEA or the EU?
If possible, we prefer hosting locations within the EU. However, all of our service providers have data centers outside of the EU.
This means that it is possible that some data is transferred to third-party-states which have lower privacy standards than the EU.
In all of those cases we have additional guarantees that an EU-compliant privacy level is upheld for your data.
- Google Inc. may process some data outside of the EEA. Privacy standards are guaranteed through their Privacy Shield certification and in some cases additionally through the “EU contractual standard clauses”
- Netlify may process data outside of the EEA. Privacy standards are guaranteed through their Privacy Shield certification and we have also signed the “EU contractual standard clauses” with them
- Mapbox is based in the United States. Privacy standards are guaranteed through their Privacy Shield certification
- Sendgrid is based in the United States. Privacy standards are guaranteed through their Privacy Shield certification.
- Mailchimp is based in the United States. Privacy standards are guaranteed through their Privacy Shield certification.
Facebook can only collect that information if you visit that page, no information about visitors of this site is ever shared with Facebook: We do not include any Facebook code or tracking.
Facebook will provide some statistical information about visitors to our Facebook page to us. This data is not personally identifiable.
If you have any questions concerning your privacy, you can reach us at email@example.com.
Note that we’re not required to have an appointed data protection officer under Art 37.(1) of the GDPR – but we’ll be happy to answer any questions nonetheless.
Last updated on 08/02/2019