Privacy

Privacy Policy

How we process personal data, on what basis, and what rights you have.

Controller

The party responsible for processing personal data pursuant to Art. 4 No. 7 GDPR is:

Türkischer Arbeitgeber Bund Hamburg e. V. (TAB Hamburg)
Heinrich-Hertz-Straße 143, 22083 Hamburg
info@tab-hamburg.de

The competent supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Ludwig-Erhard-Str. 22, 20459 Hamburg, datenschutz@datenschutz.hamburg.de.

Your rights

As a data subject you have the following rights towards us:

  • Access to the data we have stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Complaint to the competent supervisory authority (Art. 77 GDPR)

You can withdraw any consent you have given at any time with effect for the future. To exercise your rights, an informal email to info@tab-hamburg.de is sufficient.

Visiting the website

Server log files

When you access our website, our hosting provider automatically processes technical access data:

  • Anonymised IP address of the requesting device
  • Date and time of access
  • Page accessed and amount of data transferred
  • User agent (browser, operating system)
  • HTTP status code

This data is processed exclusively to ensure stable operation and to detect attacks. It is not merged with other data sources. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure operation). Storage period: no more than 7 days.

Hosting and data processing

This website is hosted as a static HTML site with Hostinger International Ltd., 61 Lordou Vironos, 6023 Larnaka, Cyprus. The domain tab-hamburg.de is also managed via Hostinger. The servers are located in the European Union. A data processing agreement pursuant to Art. 28 GDPR exists between us and Hostinger. No data transfers outside the EU take place.

Reach measurement (Plausible Analytics)

We use Plausible Analytics, a privacy-friendly web analytics tool, to statistically evaluate the use of our website and improve our services.

Plausible Analytics sets no cookies, creates no user profiles and collects no personal data. Only aggregated metrics such as page views and approximate regions of origin are evaluated. Identification of individual persons is not possible.

Provider: Plausible Analytics OÜ, Västriku tn 2, 50403 Tartu, Estonia (EU). Since no personal data is processed, no data processing agreement is required. Further information can be found in Plausible's privacy policy.

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in optimising our web services).

Cookies and tracking

We use no tracking cookies, remarketing technologies or advertising technologies. The website uses exclusively technically necessary mechanisms (e.g. storing your cookie setting and language preference in local browser storage). No consent is required for this.

Contact form

When you write to us via the contact form on this website, we process the following data:

  • First and last name
  • Email address
  • Content of your message
  • Optional: a PDF file you attach (e.g. a completed membership application, max. 8 MB)

The data is transmitted via an encrypted HTTPS connection to our server-side PHP script on the Hostinger server. The script forwards your message as an email to the internal association address. No permanent storage in a database takes place; the script itself does not store any data.

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in handling your enquiry). Where your enquiry leads to the conclusion of a contract, Art. 6 (1) (b) GDPR is the additional basis. Storage period in our email inbox: until your enquiry has been conclusively answered, at most 12 months.

Spam protection (honeypot)

To protect against automated spam submissions, we use a technical honeypot method. A form field that is invisible to humans is evaluated to detect and discard automated submissions. No personal data is collected or transmitted to third parties in the process.

Membership application

We provide the TAB Hamburg membership application as a PDF file for download. The download takes place directly from our server; no data about you is stored beyond normal server logging (see above).

Please send us the completed and signed application by email or via the contact form (optional PDF attachment function). The personal data contained therein (name, address, date of birth, company data, SEPA direct debit data) is processed exclusively to handle your membership request and to fulfil the statutory purposes of the association.

The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures) and, after admission, Art. 6 (1) (f) GDPR (legitimate interest in association administration). For SEPA direct debit data, Art. 6 (1) (c) GDPR (tax retention obligations) additionally applies.

Email correspondence

If you contact us directly by email, we process your message including the personal data it contains in order to handle your request. Please note that email communication without end-to-end encryption (e.g. S/MIME or PGP) is generally not protected against unauthorised access during transmission.

No disclosure to third parties

Personal data is not sold to third parties or transmitted for advertising purposes. Disclosure only takes place where this is required by law or where you have expressly consented.

Storage period

Personal data is only stored for as long as is necessary for the respective purpose or as required by statutory retention obligations. Membership-related data is deleted within three years of the end of membership, unless commercial or tax retention periods (Section 257 HGB, Section 147 AO) preclude this.

Changes to this policy

We adapt this privacy policy when legal requirements or our processing activities change. You can always find the current version on this page, with the "as of" date in the sidebar.