1. General Notes and Principles of Data Processing

 

Our privacy policy applies worldwide. Where this Privacy Policy refers to the European Union General Data Protection Regulation (“GDPR”), the referenced passage is either part of our global policy and meets GDPR requirements, or it is worded with the GDPR’s exemplary and far-reaching protections in mind.

​

Addresses for third-party providers we use on our pages—or to whom we link—are those applicable for inquiries within the European Union. For visitors outside the EU, different addresses or responsible locations may apply, typically the provider’s nearest regional office. For users in the United States and for companies headquartered in the United States, this is usually the U.S. corporate headquarters. Any addresses not specifically listed in this policy can be found online. If needed, we are happy to assist in providing such contact details upon request.

For questions about this policy (or any other questions to Rückenwind), you may use the contact form at the bottom of the Rückenwind home page.

​

Protecting your privacy and your personal data (as defined under GDPR) when using our website is important to us. “Personal data” (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person—e.g., your first and last name, address, telephone number, email address, and your IP address. Data that cannot be linked to you (e.g., through proper anonymization) is not personal data.

​

Any “processing” of personal data (e.g., collection, storage, reading, querying, use, transmission, deletion, or destruction; Art. 4(2) GDPR) requires a legal basis or your consent. Personal data must be deleted once the purpose of processing is fulfilled and there are no legal retention obligations remaining.

​

This policy explains how we handle your personal data when you visit our website. To provide the functions and services of our site, it may be necessary for us to collect personal data about you. Below, we explain the nature and scope of the respective data processing, the purposes and legal bases, and the associated storage periods.

​

2. Controller

Rückenwind NGO
Tomsagervej 2, Viby, Denmark
(“Rückenwind”, “we”, “us”) provides this information about the processing of your personal data in connection with this website.

This Privacy Policy applies only to Rückenwind’s website. It does not apply to other websites to which we refer via hyperlinks. We cannot assume responsibility for the confidential handling of your personal data on third-party websites, as we have no influence over whether those companies comply with data-protection regulations. Please consult the privacy policies on those third-party sites directly.

​

3. Data Protection Officer

Our organization is not legally required to appoint a Data Protection Officer. For any questions regarding data protection and privacy, please contact: Sana Yaabalawi through sana.zaabalawi@gmail.com.

​

4. Provision and Use of the Website / Server Log Files

Type and scope of processing. When you use this website—or transmit data via registration or a contact form—our servers automatically collect technically necessary data via server log files, including: IP address; date and time of the request; name and URL of the requested file; the website from which the request originated (referrer URL); access status/HTTP status code; browser type; language and version of the browser; operating system.

Purpose and legal basis. This processing is technically required to display our website to you and to ensure its security and stability. The legal basis is Art. 6(1)(f) GDPR (legitimate interests).

Storage period. Data necessary for displaying the website is deleted once no longer required. Server log files are automatically deleted by the system as a rule after 2 weeks. Because collection and storage in log files are necessary for website operation, there is no opt-out for this aspect. Further storage may occur in individual cases where required by law.

​

5. Use of Cookies

Type, scope, and purpose. We use cookies—small files sent from our servers to your browser and stored in the browser directories on your device. Some functions of our site cannot be offered without technically necessary cookies. Other cookies enable various analyses (e.g., recognizing your browser on return visits, evaluating site usage, storing preferred language/region). Third parties may also process information via cookies directly in your browser (e.g., CMP/banner providers storing your consent choices).

Session cookies. Session cookies are automatically deleted when you close your browser. They allow us to assign multiple requests to a single session.

Persistent cookies. Persistent cookies remain stored for longer and can transmit information about your visits to improve user experience. Lifetimes vary by cookie. You can delete them at any time via your browser.

Third-party cookies. We use analytical cookies (to observe anonymized user behavior) and advertising cookies (to track user behavior for marketing purposes). Social-media cookies can connect to your social networks and enable sharing of content.

​

Browser settings. Most browsers accept cookies by default. You can configure yours to accept only certain cookies or none. Please note, some site functions may not work without cookies. You can delete stored cookies and set your browser to notify you before cookies are saved. Disabling cookies may itself require storing a permanent opt-out cookie. If you later delete that cookie, you will need to disable again.

Legal bases. Technically necessary processing is based on Art. 6(1)(f) GDPR (website provision, security, stability) and Art. 6(1)(c) GDPR (legal obligations where applicable). Where we show a cookie banner and you consent, subsequent processing is based on Art. 6(1)(a) GDPR.

Storage period. Data transmitted via cookies is deleted once no longer required for the purposes described above. Further storage may occur if required by law.

 

Cookie categories we may use

• Necessary cookies: Required for basic functions (e.g., keeping logged-in users authenticated). First-party only. No consent required (but you can disable cookies in your browser).

• Statistics cookies: Help us understand how visitors interact (e.g., page views, dwell time, sequence of pages, search terms, country/region/city, mobile share, areas of special interest). Data is anonymized and aggregated.

• Personalization cookies: Store your selections (e.g., registered name, language, location) to provide improved, more personal features. Only anonymized information is processed.

• Marketing cookies: Used to deliver interest-based advertising, limit ad frequency, and measure campaign effectiveness; often linked with third-party site features. Aim: relevant ads for users and value for users, publishers, and advertisers.

​

6. Data Collection for Pre-Contractual Measures and Contract Fulfilment

Type and scope. In pre-contractual situations and upon contract conclusion (as offline), we collect and store personal data such as name, address, email, telephone number, and bank details.

Purpose and legal basis. Solely to perform the contract or pre-contractual steps (Art. 6(1)(b) GDPR). If you additionally consent, Art. 6(1)(a) GDPR applies.

Storage period. Deleted when no longer necessary for the purpose. Statutory retention duties (e.g., commercial or tax requirements) may apply; we block or delete your data once those periods end.

​

7. Data Disclosure

We disclose your personal data to third parties only if:
a) you have given consent (Art. 6(1)(a) GDPR);
b) it is lawful and necessary for contract performance or pre-contractual measures (Art. 6(1)(b) GDPR);
c) there is a legal obligation (Art. 6(1)(c) GDPR)—e.g., to tax authorities, social insurance carriers, health insurers, regulators, law-enforcement;
d) disclosure is necessary to protect legitimate interests and to assert, exercise, or defend legal claims (Art. 6(1)(f) GDPR) and there is no overriding interest to the contrary;
e) we engage processors under Art. 28 GDPR (e.g., IT, logistics, telecoms, sales, marketing) who are bound to handle your data carefully.

Transfers to third countries. For transfers outside the EU/EEA, we ensure recipients treat your data with the same care as within the EU/EEA. We transfer only where the EU Commission has recognized an adequate level of protection or where appropriate safeguards (e.g., Standard Contractual Clauses) ensure proper handling.

​

8. Comments Function (Blog)

Type and scope. When you comment on blog posts, we collect and store the data you enter, along with the time of comment, your chosen username (pseudonym), and your IP address. No disclosure to third parties occurs.

Purpose and legal basis. Data (including IP) is processed for security reasons and in case a comment infringes third-party rights or posts unlawful content. Legal bases: Art. 6(1)(a) GDPR (if/where consent applies; revocable at any time without affecting prior processing) and Art. 6(1)(f) GDPR (our legitimate interests in preventing abuse/unlawful content).

Storage period. Comments and associated data (e.g., IP address) are stored and remain on our website until the commented content is fully deleted or removal is legally required.

​

9. Contact by Email

Type and scope. If you contact us by email, we collect your sender address and any personal data you provide.

Purpose and legal basis. To respond to your inquiry; Art. 6(1)(f) GDPR (our legitimate interest in proper handling of inquiries).

Storage period. Depends on the context of your inquiry. We delete your data when the purpose ceases and storage is no longer necessary (e.g., once your request is resolved), unless legal retention duties apply.

​

10. Privacy Notice for Video Conferences (e.g., Microsoft Teams)

Purpose. We use video-conference systems to conduct meetings with customers and prospects, seminars, and trainings (“online conferences”). The systems are provided by the respective vendors; their terms remain applicable.

Controller. The controller for processing directly related to conducting the online session is the respective event organizer.

​

Data processed.

• User details: first name, last name, phone (optional), email, password (if SSO not used), profile image (optional), department (optional)

• Meeting metadata: topic, description (optional), participant IP addresses, device/hardware info

• Recordings (optional): MP4 (video/audio/presentations), M4A (audio), text file of meeting chat

• Telephone dial-in: inbound/outbound number, country, start/end time, possible connection data (e.g., device IP)

• Text/audio/video: chat/questions/polls; microphone and camera data during the session (you can mute/disable at any time)
  To join, you must at least provide your name.

​

Scope of processing. We will notify you transparently if we wish to record and—where required—seek your consent. As a rule, we do not record sessions; the same applies to chat content. No automated decision-making within Art. 22 GDPR takes place.

​

Legal bases.

• Contract / pre-contract: Art. 6(1)(b) GDPR

• Consent (where applicable, e.g., recordings): Art. 6(1)(a) GDPR

• Employees of Rückenwind: Art. 6(1)(b) GDPR

​

Recipients / disclosure. Personal data processed in connection with participation is not shared with third parties unless intended for sharing.

Processing outside the EU. Some providers are located in the USA, so processing may occur in a third country. We have DPAs under Art. 28 GDPR and vendors commit to EU Standard Contractual Clauses. However, an equivalent level of protection cannot be guaranteed in every case.

Data Protection Officer (video conferences). Our organization is not legally required to appoint a DPO. Contact: sana.zaabalawi@gmail.com.

Your rights (overview). You have rights of access, rectification, erasure, restriction, objection, data portability, and the right to lodge a complaint (see section 13 below for details).

​

11. Data Security and Safeguards

We are committed to protecting your privacy and treating your personal data confidentially. We implement extensive technical and organizational measures—regularly reviewed and adapted to technological progress—including recognized encryption (SSL/TLS). Data disclosed unencrypted (e.g., by unencrypted email) may be read by third parties beyond our control. Users are responsible for protecting data they provide (e.g., via encryption) against misuse.

​

12. Changes to this Privacy Policy

We reserve the right to update this policy as needed (e.g., if our processing changes). The current version is always available on this website.

​

13. Your Rights

You have the following rights regarding your personal data (Arts. 7, 15–22, 77 GDPR). You can contact the Controller (sec. 2) or, where applicable, the Data Protection Officer (sec. 3):

​

a) Right to withdraw consent (Art. 7(3) GDPR): You may withdraw consent at any time with effect for the future. Past processing remains lawful.
b) Right of access (Art. 15 GDPR): Confirmation whether we process your personal data and, if so, access to the data and information (purposes, categories, recipients, storage periods/criteria, etc.).
c) Right to rectification (Art. 16 GDPR): Immediate correction of inaccurate data and completion of incomplete data.
d) Right to erasure (“right to be forgotten”) (Art. 17 GDPR): Where processing is not required (e.g., data no longer needed, consent withdrawn, unlawful processing).
e) Right to restriction (Art. 18 GDPR): E.g., if you contest accuracy.
f) Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine-readable format.
g) Right to object (Art. 21 GDPR): At any time, on grounds relating to your particular situation. For direct marketing, you may object at any time (including related profiling).
h) Automated decisions including profiling (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing (subject to the exceptions in Art. 22 GDPR). We do not use such automated decision-making.
i) Right to lodge a complaint (Art. 77 GDPR): With a supervisory authority, if you believe processing is not compliant with data-protection law.

​

14. Online Tools and Social Media

​

Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-denmark@google.com (“Google”).

Processing. We use Google Analytics with IP anonymization (IP masking). The cookie may transmit: truncated IP (last octet masked), requested page, referrer, subpages called, time on page, frequency of page views.

Purpose and legal basis. Usage analytics of our site based on your consent (Art. 6(1)(a) GDPR).

International transfers. Google relies on EU Standard Contractual Clauses. We cannot guarantee an equivalent protection level in every case.

Storage period. Up to 24 months, then deletion.

Opt-out. You may block cookies via browser settings (site functions may be limited) and install Google’s browser add-on: http://tools.google.com/dlpage/gaoptout?hl=de. See also:
Terms: google.com/analytics/terms/de.html
Privacy help: support.google.com/analytics/answer/6004245?hl=de
You can change your consent anytime in the cookie settings (“Change your consent”).

​

Google Fonts

Provider: Google Ireland Limited (details above).

Processing & purpose. Web-font request (possibly to U.S. servers) to ensure consistent typography. IP address may be processed. Legal basis: your consent (Art. 6(1)(a) GDPR). We do not further process these data.

Transfers. Based on Standard Contractual Clauses; no absolute guarantee of equivalent protection can be given.

More info: https://www.google.com/policies/privacy/

Google Maps

Provider: Google Ireland Limited (details above).

Processing. When using Maps, Google may set a cookie and process OS, browser info, ISP, IP, date/time, referrer, subsequent pages. If logged into Google, data may be associated with your account.

Purpose & legal basis. Display of interactive maps (e.g., directions). Consent (Art. 6(1)(a) GDPR).

Storage & opt-out. Data is deleted when no longer needed for the purposes stated. You may object to profiling directly with Google or disable JavaScript (Maps will not function).
Terms: policies.google.com/terms
Additional Maps terms: google.com/intl/de_US/help/terms_maps.html
Privacy: google.de/intl/de/policies/privacy/

​

Google reCAPTCHA

Provider: Google Ireland Limited (details above).

Processing & purpose. Determines whether an entry is made by a human; includes transmission of your IP and possibly other data necessary for the service. Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in security and spam prevention).

Transfers. Based on Standard Contractual Clauses; no absolute guarantee can be given.

Storage & opt-out. Delete cookies or use opt-out measures. Privacy info: http://www.google.de/intl/de/privacy.\

​

Google Tag Manager

Provider: Google Ireland Limited (details above).

Processing. Tag Manager deploys tags; no additional cookies and no personal data collected by Tag Manager itself. Deactivations at domain/cookie level (e.g., Analytics opt-out) remain in effect for tags deployed via Tag Manager.
Privacy: http://www.google.com/intl/de/policies/privacy
Ads terms: www.google.de/intl/de/policies/technologies/ads

​

Vimeo Videos

Provider: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.

Processing & purpose. On consent, a connection to Vimeo servers is established; IP address is collected and may be transferred to the USA. If logged into Vimeo, your behavior may be linked to your profile. Legal basis: consent (Art. 6(1)(a) GDPR).
Privacy: https://vimeo.com/privacy

​

YouTube Videos

Provider: Google Ireland Limited (YouTube).

Processing. With “Enhanced Privacy Mode,” no data is sent until you start playback. When you start, a cookie stores your preference and a connection to Google’s ad network is made. If logged into YouTube, connection info may be linked to your account.

Purpose & legal basis. Display of videos; consent (Art. 6(1)(a) GDPR).
Privacy: http://www.google.de/intl/de/policies/privacy/

​

Social Networks (Links / Plugins)

We link to our social-media presences and may use social plugins (e.g., “Share” / “Like”). No data is sent to the platform until you click. When you follow the link or click a plugin, the platform processes (e.g.) IP, date/time, visited site.

If you are logged into the network, the visit may be associated with your account. You can prevent this by logging out first and/or adjusting your settings. Networks may also set cookies to show personalized advertising or produce usage statistics (often anonymized before shared with us).

Purpose & legal basis. Public information about our services and handling inquiries (Art. 6(1)(f) GDPR – legitimate interests). For social-plugin interactions, consent (Art. 6(1)(a) GDPR). Private messages via social networks are deleted 2 years after last communication. Public posts remain until you request deletion.

Please refer to each platform’s privacy policy for details on what they collect, recipients, transfers, and storage durations. We may remove unlawful content on our pages (e.g., copyright violations or criminal content).

Platforms we link to (by reference):

• Facebook — Privacy: https://www.facebook.com/about/privacy/

• Twitter (X) — Privacy: https://twitter.com/de/privacy

• Instagram — Help/Privacy: https://help.instagram.com/519522125107875

• TikTok — Privacy: https://www.tiktok.com/legal/privacy-policy

• YouTube — Privacy: https://policies.google.com/privacy

• LinkedIn — Privacy: https://www.linkedin.com/legal/privacy-policy

• Xing — Privacy: https://privacy.xing.com/de/datenschutzerklaerung

​

Facebook Fan Pages

As the operator of Facebook Fan Pages, Rückenwind is a joint controller with Facebook Ireland Limited under Art. 26 GDPR. See Facebook’s Page Controller Addendum: https://www.facebook.com/legal/terms/page_controller_addendum and information on Page Insights.

Facebook may set cookies on your device regardless of whether you have an account or are logged in, primarily to display personalized advertising and compile statistics. Non-essential cookies require your consent; Facebook is responsible for how it obtains consent.

Facebook decides which cookies it uses, for what purposes, which data it receives, where it is used/stored, and to which third parties it is transmitted. See Facebook’s Cookie Policy: https://de-de.facebook.com/policies/cookies/ and Data Policy for details, including transfers to Facebook, Inc., USA. Facebook relies on Standard Contractual Clauses; an equivalent protection level cannot be guaranteed in every case.

Facebook Ireland generally handles your statutory rights. You may also contact us about the following rights under GDPR: withdrawal of consent (Art. 7(3)), access (Art. 15), rectification/completion (Art. 16), erasure/“right to be forgotten” (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), rights related to automated decisions (Art. 22), and complaints (Art. 77).

Supervisory Authorities:

• Denmark (for Rückenwind): Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark; Tel: +45 33 19 32 00; Fax: +45 33 19 32 18; Email: dt@datatilsynet.dk; Web: https://www.datatilsynet.dk

• For Facebook (Ireland): Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland; Tel: +353 (0)761 104 800 / +353 (0)57 868 4800
   

Contact: For questions, contact Sana Yaabalawi – sana.zaabalawi@gmail.com.