1. General Information
Data controller according to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is
eHealth Africa gGmbH
Oranienburger Str. 69
Tel.: +49 30 5527 1650
(hereinafter referred to as eHA or we). We are a non-profit organization active in development cooperation and global public health, specifically in the development of IT solutions for health systems strengthening.
Please find our data privacy officer’s contact details below:
eHealth Africa gGmbH
Oranienburger Str. 69
Tel.: +49 30 5527 1650
2. Purpose for Processing
When you visit our website and review its content, we only collect the following personal data that your browser transmits to us:
- Your IP address
- The date and time of your visit to our website
- The pages you have visited
- The type and version of your Internet browser
- Information about the operating system of the device you are using to visit our website
- The website from which you access our website (referrer URL)
We collect and store the aforementioned personal data in order to enable you to visit our website and to improve its functionality.
If you contact us or register for our newsletter or you are pursuing business with us as a business partner, we also collect and process personal data provided by you. This includes but is not limited to the following personal data:
- Your first and last name
- Your address (business and personal) and name of your principal
- Your contact details: e-mail address, telephone number, and fax number (business and personal)
- Orders and information from communication
- Financial information, in particular account data
We collect and process this personal data to inform you about our activities or to pursue business with you or your principal.
Apart from our business partners, there are no obligations to provide us with your personal data. We may not cooperate with business partners if certain personal data are not disclosed (e.g. financial information such as tax IDs, etc.).
3. Legal Basis for Processing
The collection and processing of your personal data is permitted under the following data protection rules:
- Pursuant to Art. 6, para. 1 a) GDPR, provided that we have previously obtained your consent (e.g. for receiving our newsletter)
- Pursuant to Art. 6, para. 1 b) GDPR, insofar as the processing is necessary for the fulfilment of a contract with you or for the implementation of pre-contractual measures which take place at your request (e.g. if you are a business partner of ours)
- Pursuant to Article 6, para. 1 c) GDPR, as far as the processing is necessary for the fulfilment of eHA’s legal obligations of (e.g. storage and documentation obligations)
- Pursuant to Art. 6, para. 1 f) GDPR, insofar as the processing is necessary to safeguard eHA’s or a third party’s legitimate interests. eHA's legitimate interests include in particular securing the functionality of eHA's IT systems and the marketing of eHA's activities and services as well as the documentation of business and other contacts.
eHA does not undertake automated decision-making on the basis of your personal data and does not process any special categories of personal data about you. Please do not supply us with any special categories of personal data.
4. Location and Storage of Personal Data
For storing your personal data, eHA uses Squarespace, Inc. (Squarespace). The servers of Squarespace are located in the U.S.
In accordance with Article 45 of the GDPR, Squarespace, Inc has certified its compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (individually and jointly Privacy Shield). Squarespace undertakes to treat personal data received from the European Economic Area and Switzerland in accordance with the Privacy Shield Frameworks in accordance with the applicable principles. You can view Squarespace’s certification here: https://www.privacyshield.gov/participant?id=a2zt0000000GnjcAAC&status=Active) and learn more about the Privacy Shield frameworks and principles at https://www.privacyshield.gov/.
Further, eHA only stores your personal data until the purpose for which they were collected has been fulfilled. We only store the personal data collected when you visit our website for as long as this is necessary to identify you as a user. Subsequently, the personal data is automatically deleted. We also erase your personal data according to your request (see further information below under sections 8 and 9).
5. Transfer of Personal Data
We do not sell or transfer your data to third parties without your consent, unless we are obliged to do so for legal reasons, e.g. within legal proceedings and for commissioned data processing. Exceptions of this general policy are provided in sections 4 and 7.
When we use and share personal data with contractors, such as commissioned processors, cloud providers and other service providers, we carefully select them. In particular, we agree with them on data protection standards through our data processing agreements to ensure that they comply with applicable data protection regulations. To get an up-to-date list of our current contractors, please contact us in writing or via email (see our contact details in section 1).
In particular we use so called “Session Cookies”. A Session Cookie is information that an internet server sends to a browser, which the browser sends back to the server during later accesses. Cookies can be used to store information between sessions on websites and allow a server to recognize the user's browser, thus the visitor him-/herself, or for him/her to remain recognized throughout a session. These Session Cookies are erased after each session.
You can also manage your cookies yourself. The help function in the menu bar of most internet browsers explains how to prevent your browser from accepting new cookies, how to display new cookies, or how to delete and block all cookies already received. The procedure varies from browser to browser. Below we list how this works with Internet Explorer:
- Select "Internet Options" from the "Extra" menu.
- Click on the "Privacy" tab.
- There you can set whether cookies should be accepted, selected, or rejected.
- Confirm your setting with "OK".
In addition, for statistical purposes we monitor the clicks per link in each of our newsletters. This is done anonymously without personally identifying the user.
7. Disclosure of Information
For web analysis and conversion tracking we use Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.. Data thereto may be transmitted to servers in the U.S. and processed there. No adequacy decision for the U.S. has been made by the European Commission within the meaning of Article 45 (1) GDPR. Google Inc. is, however, certified under the EU-U.S. Privacy Shield, with the result that the transmission is permitted under Article 46 (2) (f) GDPR (implementing decision (EU) 2016/1250 of the European Commission dated July 12, 2016). You may prevent the further collection and transfer of your data by Google. For this, Google Inc. provides the relevant information here: https://tools.google.com/dlpage/gaoptout?hl=de.
Email Marketing Messages (EMM) – such as our newsletter – are provided by an external email marketing service provider (EMS), a business partner that allows us to send out emails to registered persons. EMMs may contain tracking beacons, click through links or similar server technologies in order to track subscriber activities. We disclose Information about you towards our EMS Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Avenue NE, Suite 5000, Atlanta, GA 30308 situated in the U.S. So, data may be transmitted to servers in the U.S. and processed there. No adequacy decision covering the U.S. has been made by the European Commission within the meaning of Article 45 (1) GDPR. However, Rocket Science Group LLC is also certified under the EU-U.S. Privacy Shield, with the result that the transmission is permitted under Article 46 (2) (f) GDPR (through implementing decision (EU) 2016/1250 of the European Commission dated July 12, 2016.
For additional information on the above, please send an email to our contact as provided in section 1.
8. Consent and Withdrawal
If you have provided eHA with your consent for processing your personal data (e.g. for receiving our newsletter), you may withdraw your consent at any time for the future. In order to exercise your right of withdrawal, you must inform eHA about your decision to withdraw your consent in writing or via email (please see our contact details in section 1). You can withdraw from our newsletter at any time by clicking on the unsubscribe link at the end of each newsletter. In the event of a withdrawal, the processing of your data up to that section remains legal. After your withdrawal, your personal data can be further processed insofar as it is legally permitted, e.g. within legal retention periods or for legal proceedings before courts.
9. Your Rights
You have the right to request access to, rectification, or erasure of your personal data as well as to ask for limitation of the processing of your personal data. Further, you have the right to object to the processing on the basis of eHA’s or any third party’s legitimate interest. You may also request portability of your personal data. Please send such requests in writing or via email to the contact details mentioned under section 1 above.
Complaints may be filed to the Data Protection Authority of Berlin, Germany (Berliner Beauftragte für Datenschutz und Informationsfreiheit) or any other relevant data protection authority within the EU.
eHA’s website contains links to other websites. eHA has no influence on the content of third-party websites. eHA accepts no responsibility for external content that can be accessed via links and does not adopt their content as its own. The respective provider or operator of the websites is responsible for the contents of the linked pages. eHA recommends you review the respective external website’s own privacy notice. As soon as a violation of law becomes known, eHA will immediately remove such links. Please inform us using our contact details provided in section 1.