Ladies and Gentlemen!

In accordance with the requirements of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we hereby inform you that:

1. The data controller, i.e. the entity deciding for what purpose and how your data will be processed, is: Barka e. V., Schloßstr. 110, 12163 Berlin, Deutschland; Amtsgericht: VR 37545 B Finanzamt: 27/766/1760443, hereinafter referred to as the “Controller”.

2. The Foundation has appointed a Data Protection Officer. Julie Markussen serves as the Data Protection Officer at the organisation. She can be contacted by email at Julie.markussen@barkade.eu.

3. We process personal data for the following purposes:
a) to conclude a contract with you, in accordance with Article 6 paragraph 1 letter b of the GDPR;
b) to carry out the tasks specified in the Foundation’s statute, in order to provide assistance to persons who request it, on the basis of Article 6 paragraph 1 letter a and Article 6 paragraph 1 letter f of the GDPR;
c) to carry out tasks under the Social Integration Center Program, in accordance with Article 6 paragraph 1 letter a and c and Article 9 paragraph 1 letter g of the GDPR;
d) to contact you in order to provide assistance based on your prior consent on the organisation’s website, in accordance with Article 6 paragraph 1 letter a of the GDPR. Personal data provided on the website are treated as confidential and are not visible to unauthorized persons;
e) to implement projects for which we obtain your data on the basis of your prior consent, in accordance with Article 6 paragraph 1 letter a and c in conjunction with Article 9 paragraph 1 letter g of the GDPR;
f) compliance with a legal obligation incumbent on the Controller, in accordance with art. 6 sec. 1 letter c of the GDPR, e.g. for accounting purposes, issuing invoices, tax or archival purposes;
g) ensuring the safety of persons, property and protection of facilities at the organisation’s disposal, which is our legitimate interest, in accordance with art. 6 sec. 1 letter f of the GDPR;
h) possible establishment, pursuit or defence against claims, which is our legitimate interest, in accordance with art. 6 sec. 1 letter f of the GDPR.

4. The recipients of your personal data will be:
a) companies providing services to the Controller, in particular in the field of: personal data protection, ICT services, legal services, psychological/therapeutic assistance, computer software, training, device servicing and entities with which we have signed an agreement regarding the professional reintegration of CIS participants
b) entities and institutions of the public administration of the Republic of Germany authorized under applicable law and other non-governmental organizations and public administration of the EU.

5. Your personal data will not be transferred to a third country.

6. We will process personal data no longer than necessary, in particular:
a) for accounting and tax purposes, we will process it for as long as we are legally obliged to do so. Under current regulations, this is a period of 5 years from the end of the calendar year in which the tax obligation arose;
b) if personal data are processed by us for the purpose of pursuing claims (including in court proceedings), we may process them for this purpose for the limitation period for claims, in accordance with the provisions of the Civil Code;
d) if you consent to the processing of your personal data, whether for marketing purposes, image dissemination, or in many other cases when we request your consent, then we will process them until you withdraw your consent;
e) After the original purpose for which your data was collected has been achieved (e.g., performance of a contract, processing necessary for the performance of a contract), your data will be processed for archival purposes for a period consistent with our applicable archival regulations and for the period necessary to defend against claims brought against us, based on generally applicable laws, taking into account the limitation periods for claims specified in generally applicable laws. For employees, the personal data retention period is 10-50 years, depending on the date of employment. For cooperating entities, the data required to conclude a contract of mandate is retained for 6 years, after which the data is gradually deleted.

7. You have the right to:
a) access your personal data and receive a copy thereof;
b) rectify (correct) your data;
c) delete your data – if in your opinion there is no basis for us to process your data, you can request that we delete it;
d) restrict data processing – you can request that we limit the processing of your personal data solely to storing it or performing actions agreed upon with you, if in your opinion we have incorrect data about you or we are processing it unjustifiably; or you do not want us to delete it because it is necessary to establish, pursue, or defend legal claims; or for the duration of any objection to data processing;
e) object to data processing. You have the right to object to the processing of your data for direct marketing purposes. If you exercise this right, we will cease processing your data for this purpose;
f) object due to your specific situation. You also have the right to object to the processing of your data based on legitimate interests for purposes other than direct marketing. You should then indicate the specific situation that, in your opinion, justifies us discontinuing the processing covered by your objection. We will cease processing your data for these purposes unless we can demonstrate that the grounds for processing your data override your rights or that your data are necessary for us to establish, pursue, or defend legal claims;
g) data portability – you have the right to receive from us the personal data concerning you that we hold on the basis of a contract or your consent, in a structured, commonly used, and machine-readable format. You can also instruct us to transmit this data directly to another entity;
h) lodge a complaint with a supervisory authority – if you believe that we are processing your data unlawfully, you may lodge a complaint with the President of the Personal Data Protection Office at the following address: Personal Data Protection Office, ul. Stawki 2, 00-193, Warsaw;
i) withdraw consent to the processing of personal data – you have the right to withdraw your consent to the processing of personal data processed based on your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

8. To exercise your rights, please contact us at the following email address: Julie.markussen@barkade.eu

9. Providing your data is voluntary, but necessary to enter into a contract with us, use our services, receive assistance, or contact us. We treat your consent as a voluntary, informed, and unequivocal declaration of will that may be withdrawn at any time.

10. The data is not subject to automated decision-making, including profiling.

Information clause regarding the processing of personal data in the Video Surveillance System – GDPR

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (OJ EU L 119, p. 1); hereinafter “GDPR”, we inform you that:

1. The Video Surveillance System is operated by the Data Controller, i.e. Barka e. V., Schloßstr. 110, 12163 Berlin, Deutschland; Amtsgericht: VR 37545 B Finanzamt: 27/766/1760443
2. Your personal data will be processed in the Video Surveillance System for the purpose and to the extent necessary to ensure the safety of persons and property located on the premises of Barka e. V.
3. Personal data in the Video Surveillance System are processed due to the legitimate interest referred to in Article 6 paragraph 1 letter f of the GDPR.
4. The recipients of personal data processed in the Video Surveillance System are authorized employees of the Organisation and other entities authorized to obtain personal data on the basis of separate legal provisions and agreements with the Controller.
5. The Video Surveillance System stores personal data (recordings) for a period of 3 weeks – up to a maximum of 3 months, and then the material is automatically overwritten.
6. You have the right to request from the controller: access to your personal data, deletion or restriction of processing, and to object to the processing of your personal data for reasons related to your particular situation.
7. In the event of a breach of personal data, you have the right to lodge a complaint with the President of the Personal Data Protection Office (to the address of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).