Privacy Notice
💡 Last Updated: 22 November 2024
This Privacy Notice explains how we handle your Personal Data and your rights regarding it. It covers data collection, use, sharing, storage, retention, transfer, and your privacy rights. Our Privacy Notice applies to all Personal Data you provide to us or that we collect when you use our Platform and related services. Please read it carefully to understand how we protect your privacy.
Handstree UG (haftungsbeschränkt) ( “Handstree”, “we” or “us” ) is committed to protecting your privacy.
This Privacy Notice ( “Notice” ) explains how we handle your Personal Data and your rights regarding it.
Our Privacy Notice applies to all Personal Data you provide to us or that we collect when you use our website at https://handstree.com ( “Platform” ), and any related services, websites, or applications linked to this Notice.
As the Data Controller, we determine how and why your Personal Data is processed.
This Notice explains how we handle your Personal Data when you:
- Create and manage your personal account or Social Project
- Use our Platform and its Services
- Interact with Social Projects and other users
- Make donations or contributions
- Participate in Volunteer Events and collaborations
- Communicate with us directly
Contact Us
You can reach out to us using the contact details provided below.
Company: Handstree UG (haftungsbeschränkt)
Address:
Paul-Lincke-Ufer 21
c/o betterplace Umspannwerk GmbH
10999, Berlin, Germany
Email: [email protected]
If you have any questions, please do not hesitate to contact us. We will be happy to assist you.
Definitions
Understanding the key definitions will help you better grasp the terms and provisions in this Privacy Notice.
“Personal Data” refers to any information relating to an identified or identifiable natural person.
“Data Subject” is an individual who can be identified, directly or indirectly, by reference to Personal Data.
“Processing” encompasses any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data Controller” is the entity that determines the purposes and means of the Processing of Personal Data.
“Data Processor” is an entity that processes Personal Data on behalf of the Data Controller.
“Data Protection Legislation” refers to the laws and regulations that govern the processing of personal data, including the GDPR and other applicable laws in the jurisdictions where we operate, to protect individuals' privacy rights.
Data Collection
We collect Personal Data directly from you, automatically through your use of our Platform, and from third parties.
Personal Data You Provide Directly to Us:
When interacting with our Platform, you may provide us with the following Personal Data directly:
- Account Information. Includes your name, email address, username, password, and any other details you provide when creating an account.
- Profile Information. Optional details such as your location, interests, profile picture (avatar), bio, and other preferences that personalise your profile.
- Social Project’s Representatives: Contact details of key representatives and founders of Social Projects, including names, email addresses, phone numbers, and professional qualifications. This information is used only for verification and management of Social Projects on our Platform.
- Information About Your Connections. Details about your following, followers, community groups, and interactions within the Platform.
- Feedback and Communication Data. Content from communications with us through email, chat, social media, and feedback you provide via our Platform.
- Volunteer Information. Details about your skills, availability, and participation history if you engage in Volunteer Events or collaborations.
- User Content. Any content you submit or post, such as updates, comments, reviews, and photos.
- Transaction Data. If you make donations or contributions through our Platform, please note that we do not process or store transaction information and payment details directly. This data is handled securely by our payment processor.
Personal Data We Collect Automatically:
Certain Personal Data is collected automatically as you use our Platform:
- Usage Data. Information on how you interact with the Platform, including pages visited, features used, session duration, and usage patterns.
- Device and Browser Information. Data on the device you use to access our Platform, such as device type, operating system, browser type, and IP address.
Personal Data We Receive from Third Parties:
We may receive Personal Data from external sources:
- Publicly Available Information . We may collect information about Social Project representatives, such as key contacts and founders, from public databases and professional profiles to verify legitimacy and support management.
- Social Media Platforms . We may receive data from interactions with our social media pages, as permitted by your privacy settings, including profile information and engagement activity.
- Service Providers . We obtain data from third-party service providers, such as payment processors and analytics providers, to facilitate transactions and enhance platform performance.
Data Use
We use your Personal Data to manage accounts, handle interactions with Social Projects, moderate content, enhance user experience, ensure security, conduct research, comply with legal obligations, and send marketing communications with your consent.
| Purpose | Legal Basis | Details/Description |
| Account Management | Performance of a Contract | Creating, managing, and authenticating user accounts, and handling user requests and subscriptions. |
| Interactions with Social Projects | Performance of a Contract | Handling donations, providing updates and managing volunteer activities with Social Projects. |
| User Content Handling | Performance of a Contract | Moderating, displaying, and managing User Content to ensure compliance with the Terms. |
| User Experience and Support | Legitimate Interests | Enhancing user experience through feedback analysis, improving platform functionality, and providing support. |
| Fraud Prevention and Security | Legitimate Interests | Preventing fraudulent activities, managing security risks, and ensuring the integrity of the Platform. |
| Research and Analysis | Legitimate Interests | Analysing user data and conducting research to improve services and understand usage patterns. |
| Recommendation of Social Projects | Legitimate Interests | Providing personalised recommendations for Social Projects based on user activities, interests, and the accounts you follow to enhance engagement and relevance. |
| Compliance with Legal Obligations | Legal Obligation | Adhering to financial regulations, tax laws, and handling legal disputes and reporting requirements. |
| Marketing Communications | Consent | Sending promotional materials and surveys based on consent of User, with the option to withdraw consent at any time. |
Cookies
Essential cookies
Our Platform utilises necessary cookies to ensure its basic functionality and security. These cookies are essential for the operation of the Platform and do not require user consent. They enable core functions such as page navigation and access to secure areas of the Platform.
| Cookie | Purpose |
|---|---|
| handstree_cookie_consent | cookies.descriptions.essentials.handstree_cookie_consent Duration: 1 year 1 month 1 day |
| handstree_session | Handstree: Used to identify the user's browsing session Duration: 2 hours |
| handstree_locale | Handstree: Website locale Duration: 1 year 1 month 1 day |
| handstree_currency | Handstree: Website currency Duration: 1 year 1 month 1 day |
| remember_web_* | Handstree: Website locale Duration: 1 year 1 month 1 day |
| XSRF-TOKEN | Handstree: Used to secure both the user and our website against cross-site request forgery attacks Duration: 2 hours |
| _cf_bm | Cloudflare: Bot manager, manages incoming traffic that matches criteria associated with bots Duration: 30 minutes |
| _cfuvid | Cloudflare: Enforce rate limiting rules Duration: 1 second |
| cf_clearance | Cloudflare: Bot prevention Duration: 1 year 1 month 1 day |
Analytics cookies
We use these for internal research on how we can improve the service we provide for all our users. These cookies assess how you interact with our website.
| Cookie | Purpose |
|---|---|
| _pk_id.*.* | Piwik PRO Tracker (JS tracking client) Duration: 1 year 1 month 1 day 30 minutes |
| _pk_ses.*.* | Piwik PRO: Tracker (JS tracking client) Duration: 30 minutes |
| stg_traffic_source_priority | Piwik PRO: Tag Manager Duration: 30 minutes |
| stg_last_interaction | Piwik PRO: Tag Manager Duration: 1 year 1 month 1 day |
| stg_returning_visitor | Piwik PRO: Tag Manager Duration: 1 year 1 month 1 day |
| stg_fired__* | Piwik PRO: Tag Manager Duration: 1 second |
| stg_utm_campaign | Piwik PRO: Tag Manager Duration: 1 second |
| stg_pk_campaign | Piwik PRO: Tag Manager Duration: 1 second |
| stg_externalReferrer | Piwik PRO: Tag Manager Duration: 1 second |
| _stg_optout | Piwik PRO: Tag Manager Duration: 1 month 1 week 1 day |
| _pk_cvar.*.* | Piwik PRO: Tracker (JS tracking client) Duration: 30 minutes |
Data Sharing
We share your Personal Data with service providers, legal authorities, and during business transfers to support Platform functionality and comply with legal requirements. Your data may also be visible to other users and Social Projects on our Platform.
Information Shared on the Platform
With Other Users and Visitors
Our Platform is publicly accessible, and when you interact with Social Projects, some of your Personal Data, such as your name and profile information, may be visible to other users and visitors. This includes:
- Profile Information . Your name, profile picture, location, interests, and other details you choose to include in your profile.
- User Content . Any content you submit or post, such as comments, reviews, updates, or photos.
- Engagement Data . Information about your interactions with other users, such as following, followers, community groups, and interactions within the platform.
With Social Projects
When you support Social Projects and their Initiatives or Volunteer Events on our Platform, we may share your Personal Data with the respective Social Projects to facilitate communication, acknowledge donations, coordinate participation, and ensure transparency.
With Third Parties
We may share your Personal Data in the following situations:
- Service Providers . We engage third-party service providers to assist in delivering our services, including platform development, hosting, maintenance, backup, storage, payment processing, analysis, marketing, IT and security services, and professional legal, financial, or advisory services to ensure compliance and effective operations.
- Legal Authorities . We may disclose your Personal Data if required by law or in response to valid legal requests, such as court orders or subpoenas. We may also share data to protect our rights, property, safety, or the rights, property, or safety of others.
- With Your Consent . We will obtain your consent before sharing your Personal Data with third parties for purposes not described in this Privacy Notice. You have the right to withdraw your consent at any time.
Aggregated and Anonymized Data
We may share data that has been aggregated and anonymized, meaning it does not include any Personal Data or details that could identify you in any way. This type of data is used for analysis, research, and improving our Platform and Services, and it is shared with third parties to support these purposes while ensuring your privacy remains protected.
Data Storage
Personal Data is securely stored within the EEA, protected by encryption and access controls, with measures to prevent unauthorised access or data loss.
Your data is securely stored within the European Economic Area (EEA) and is protected by rigorous data protection standards. We use encryption to safeguard data during transmission, ensuring it remains secure from interception or tampering.
Our technical and organisational measures are designed to prevent unauthorised access, loss, misuse, alteration, or destruction of your Personal Data. We continuously monitor our systems for potential security threats and promptly address any vulnerabilities. Our security practices comply with industry standards and relevant Data Protection Legislation.
Despite our extensive security measures, no system can guarantee absolute security. We recommend keeping your login credentials confidential to help protect your account from unauthorised access.
Data Retention
Personal Data is retained only as long as needed for its purpose or as required by law. Data is securely deleted or anonymized when no longer needed.
We keep your Personal Data only as long as necessary for the purposes outlined in this Privacy Notice and as required by law. Here's how we manage different types of data:
- Account Information . We retain this data while your account is active. If you choose to delete your account, we will remove all associated Personal Data from our systems promptly and securely.
- Social Project Information . We retain this data for as long as the Social Project’s page is active. After termination, the page will be archived and remain accessible for review to ensure transparency.
- Volunteer Activity Data . This data is kept to manage and document your volunteer activities. It is deleted when no longer needed for these purposes.
- Transaction Data . We do not process or store transaction details. These are handled securely by our payment processor. We retain records as necessary to comply with legal obligations and ensure service quality.
- User Content . We retain content you provide until you decide to update or delete it. This includes information in your profile and interactions on our Platform.
- Compliance and Legal Obligations . Some data may be kept longer to meet legal requirements, such as for financial reporting or resolving disputes.
When data is no longer needed for its intended purpose or to meet legal obligations, we securely delete or anonymize it to protect your privacy.
You have the ability to manage your data, including updating or deleting your information. If you have any questions or need assistance, please contact us at [email protected] .
Data Transfer
Personal Data may be transferred outside the EEA using appropriate safeguards, while maintaining your privacy rights.
We may transfer your Personal Data to locations outside the European Economic Area (EEA), Switzerland, and the UK. When doing so, we ensure that your data remains protected by using legal mechanisms such as standard contractual clauses, adequacy decisions, or other appropriate safeguards.
We implement robust security measures, including encryption and pseudonymization, to protect your data throughout the transfer process. We also ensure that any third parties receiving your data outside these regions adhere to data protection standards equivalent to those required by applicable laws.
Regardless of the location of data processing or storage, your rights under this Privacy Notice remain unaffected.
Privacy Rights
You have rights to access, correct, delete, or restrict the processing of your Personal Data. Contact us to exercise these rights or for any privacy-related concerns.
You have specific rights regarding your Personal Data, which may vary based on your location and applicable Data Protection Legislation. These rights include:
- Right to Access. You may request access to the Personal Data we hold about you and details on how we use it.
- Right to Rectification. If you believe any of your Personal Data is inaccurate or incomplete, you can request that we correct or update it. We will make the necessary corrections promptly upon verification.
- Right to Erasure. You can request the deletion of your Personal Data under certain conditions, such as when it is no longer needed for the purposes for which it was collected.
- Right to Restriction of Processing. You may request that we limit the processing of your Personal Data in specific situations, such as when you contest the accuracy of the data or when processing is unlawful. We will restrict processing while we review your request.
- Right to Data Portability. You have the right to receive your Personal Data in a structured, machine-readable format and to transfer that data to another data controller where feasible.
- Right to Object. You may object to the processing of your Personal Data under certain conditions, including when processing is based on legitimate interests or used for direct marketing purposes.
- Right to Withdraw Consent. If our processing of your Personal Data is based on your consent, you can withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
-
Right to Lodge a Complaint.
If you believe we have not adhered to your privacy rights or relevant Data Protection Legislation, you can file a complaint with the appropriate supervisory authority:
- For EEA residents: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
- For UK residents: https://ico.org.uk/make-a-complaint/
- For Ukraine residents: you can file a complaint with the Ukrainian Parliament Commissioner for Human Rights (Ombudsman) or the court
We encourage you to contact us first to address any concerns you may have. We are dedicated to facilitating your privacy rights and will respond to any requests or inquiries promptly.
To exercise your privacy rights or for questions regarding our privacy practices, please contact us at [email protected] .
Children's Privacy
Our services are for users 18 and older. We do not knowingly collect data from children under 18 without parental consent.
Our Platform is not directed to children under the age of 18 and we do not knowingly collect Personal Data from children.
If you are a parent or guardian and believe that your child has provided us with Personal Data, please contact us so that we can take necessary action to remove that data from our servers and terminate the child's account if applicable.
We are committed to protecting the privacy of children online and encourage parents and guardians to be actively involved in their children's online activities.
Third-Party Links
Our Platform may link to third-party sites. We are not responsible for their privacy practices, so review their policies before sharing your data.
Our Platform may contain links to third-party websites or services that are not operated or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policies and terms of use of every website you visit.
Changes to this Notice
We may update this Privacy Notice. We'll notify you of changes, and the updates will take effect on the specified date.
We will keep you informed about how we handle your Personal Data. As a result, we may update this Privacy Notice occasionally to reflect any changes in our practices or legal requirements. If we make any material changes to this Privacy Notice, we will notify you through our Platform or via email before the changes taking effect.
We encourage you to review this Privacy Notice periodically to stay informed about how we collect, use, and protect your Personal Data.