Privacy Statement

This Privacy statement clarifies the nature, scope and purpose of the use of personal data (hereinafter referred to as “data”) in the context of providing our services and within our online services and the associated websites, functions and content as well as external online presences, such as our Social Media Profile (hereinafter collectively referred to as “online service(s)”). With regard to the terms used, such as “processing” or “responsible person”, we refer you to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Person responsible

Sarah Schneider / Medical Volunteers International e.V.
Heider Str. 1
20251 Hamburg, Germany
Email address:

Board: Sarah Schneider, Nicole Grimske, Schukufeh Memari-Nejad
Link to the legal notice:
Contact data protection officer:

Types of data processed

–        Inventory data (e.g., person database, names or addresses).

–        Contact data (e.g., email, telephone numbers).

–        Content data (e.g., content entries, photographs, videos).

–       Usage data (e.g., websites visited, content preferences, access times).

–       Meta/communication data (e.g., device information, IP addresses).

Categories of persons concerned

Visitors and users of these online services (hereinafter referred to collectively as “users”).

Purpose of data processing

–        Providing the online offer, its functions and content.

–        Answering contact requests and communicating with users.

–        Security measures.

–        Reach measurement/Marketing

The used terminology

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person who can be identified, directly or indirectly, in particular by reference to an identification such as a name, an identification number, location data, online identification (e.g. a cookie) or to one or more specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, is regarded as identifiable.

“Processing” means any operation or set of operations which is carried out with or without the aid of automated processes and which is related to personal data. The term is broad and covers practically every aspect of data management.

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” means any automated processing of personal data which involves the use of this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements.

The “responsible person ” is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means by which personal data is processed.

” Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible person.

Applicable legal framework

In accordance with Art. 13 of the GDPR we inform you of the legal basis of our data processing. For users from the area of jurisdiction of the data protection basic regulation (GDPR) act, i.e. the EU and the EEC, the following applies, if the legal basis is not mentioned in the data protection declaration:

The legal basis for obtaining consent is Art. 6 sec. 1 lit. a and Art. 7 GDPR;

The legal basis for the processing for the performance of our services and the implementation of contractual measures as well as the answering of inquiries is Art. 6 sec. 1 lit. b GDPR;

The legal basis for the processing for the compliance with our legal obligations is Art. 6 sec. 1 lit. c GDPR;

Art. 6 sec. 1 lit. d GDPR serves as the legal basis in the case that vital interests of the data subject or another natural person necessitate the processing of personal data.

The legal basis for the processing necessary to perform a task which is in the public interest or in the performance of official authority entrusted to the data controller is Art. 6 sec. 1 lit. e GDPR.

The legal basis for the processing to protect our legitimate interests is Art. 6 sec. 1 lit. f GDPR.

The processing of data for purposes other than those for which they were collected is regulated by Art. 6 sec 4 GDPR.

The processing of special categories of data (according to Art. 9 sec. 1 GDPR) is regulated by the provisions of Art. 9 sec. 2 GDPR.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the technology, the implementation costs and the type, extent, circumstances and purposes of the processing as well as the different probabilities of occurrence and degree of risk to the rights and freedoms of natural persons, in order to ensure a level of protection adequate to the risk.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to it, as well as access to it, input, transmission, availability and separation of data. In addition, we have established procedures to ensure the monitoring of data subjects’ rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as soon as we develop or select hardware, software and processes in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Cooperation with contract data processors, joint managers and third parties

If we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties) in the context of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the execution of the contract), if the user has consented, if a legal obligation requires this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

In the case that we disclose, transmit or otherwise grant access to data to other companies of our consortium, this is done in particular for administrative purposes as a legitimate interest and additionally on the basis of legal requirements.

Transfers to non-EU countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of the use of third party services or disclosure / transfer of data to other persons or companies, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. With the exception of legal or contractual permissions, we only process or leave the data in a third country if the legal requirements are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised establishment of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations.

Rights of data subjects

You have the right to request confirmation, whether or not the data in question will be processed and to obtain information about this data, as well as to obtain further information and a copy of the data in accordance with the legal regulations.

You have the right, in accordance with the law, to request the completion of the data or the rectification of the inaccurate data concerning you.

In accordance with the statutory provisions, you have the right to demand that the data concerned can be immediately deleted or, alternatively, to demand that the processing of the data be restricted in accordance with the legal regulations.

You have the right to demand that the data concerning you, which you have provided to us, is received in accordance with the legal regulations and that it is transferred to other responsible parties.

You also have the right to file a complaint with the competent supervisory authority in accordance with the legal regulations.

Withdrawal right

You have the right to withdraw any consent you have given with effect for the future.

Right of objection

You may object at any time to the future processing of the data concerning you in accordance with the legal regulations. In particular, you may object to the processing of your data for the purposes of direct marketing.

Cookies and rights of objection in the case of direct advertising

“Cookies” are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users who are used for measuring the reach or for marketing purposes can also be stored in such a cookie. “Third party cookies” are cookies that are offered by providers other than the person responsible for operating the online service (otherwise, if they are only the latter’s cookies, they are referred to as “first party cookies”).

We may use temporary and permanent cookies and explain this in our Privacy statement.

If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of your browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website or the EU website In addition, cookies can’t be saved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.

Data deletion

The data processed by us will be deleted in accordance with the legal regulations or their processing will be restricted. Unless explicitly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

If the data is not deleted, because they it is necessary for other legitimate and legally permitted purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

Changes and updates of the Privacy statement

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing that we carry out necessitate this. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Performance of our legal and business services

We process the data of our members, supporters, stakeholders, customers or other persons in accordance with Art. 6 sec.1 lit. b. GDPR, provided that we offer them contractual services or act within the framework of an existing business relationship, e.g. with members, or if we ourselves are recipients of services and benefits. Otherwise, we process the data of data subjects in accordance with Art. 6 sec. 1 lit. f. GDPR on the basis of our legitimate interests, e.g. in the case of administrative tasks or public relations work.

The data processed, the type, scope and purpose as well as the necessity of its processing is determined by the underlying contractual relationship. This basically includes the inventory and personal data of the persons (e.g., name, address, etc.), as well as the contact data (e.g., email address, telephone, etc.), the contract data (e.g., services used, content and information communicated, names of contact persons) and, insofar as we offer chargeable services or products, payment data (e.g., bank details, payment history, etc.).

We delete data that is no longer required for the performance of our legal and business purposes. This is determined according to the respective tasks and contractual relationships. In the event of business processing, we shall retain the data for as long as it is relevant to the business transaction and also with regard to any existing warranty or liability obligations. The necessity of storing the data is reviewed every three years; otherwise the legal storage obligations apply.

Data protection information in the application process

We process the applicant data only for the purpose and within the framework of the application procedure in accordance with the legal regulations. The processing of the applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure as defined in Art. 6 sec. 1 letter b. GDPR and in Art. 6 sec. 1 lit. f. GDPR

The application procedure requires that applicants provide us with  applicant data. If we offer an online form, the necessary applicant data is marked, otherwise it results from the job descriptions and basically includes the personal details, postal and contact addresses and the documents belonging to the application, such as cover letters, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.

If special categories of personal data within the meaning of Art. 9 sec. 1 GDPR are voluntarily provided as part of the application process, they will also be processed in accordance with Art. 9 sec. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 sec. 1 GDPR are requested from applicants as part of the application procedure, their processing will also be carried out in accordance with Art. 9 sec. 2 lit. a GDPR (e.g. health data, if these are necessary for the practice of the profession).

If provided, applicants can submit their applications via an online form on our website. The data will be transmitted to us encrypted according to the state of the newest technology.

Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and the applicants themselves must ensure that they are encrypted. We therefore cannot assume any responsibility for the transmission path of the application between the sender and the recipient of the application on our server and therefore recommend using an online form or postal delivery. Instead of applying by online form and email, applicants still have the option of sending their application by post.

In the event of a successful application, the data provided by the applicants can be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants are always authorised to do.

Deletion will take place, subject to justified cancellation by the applicants, after a period of six months, so that we can respond to any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the regulations of tax law.

Talent pool

As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of two years on the basis of consent as defined in Art. 6 sec. 1 lit. a. and Art. 7 GDPR.

The application documents in the talent pool will be processed solely within the framework of future job advertisements and employee searches and will be destroyed at the latest upon expiry of the deadline. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application procedure and that they can revoke this consent at any time for the future and declare objections within the meaning of Art. 21 GDPR.

Contact with us

When contacting us (e.g. via contact form, email, telephone or via social media), the user’s details are used to process the contact enquiry and to process it in accordance with Art. 6 sec. 1 lit. b. (within the framework of contractual/pre-contractual relationships), and Art. 6 sec. 1 lit. f. (other inquiries) according to GDPR. The user data can be stored in a customer relationship management system (“CRM system”) or comparable inquiry mechanism.

We delete the requests if they are no longer necessary. We check the necessity every two years; furthermore, the legal archiving obligations apply.

CRM-System of salesforce

We use the CRM system of the provider Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany, in order to be able to process user queries faster and more efficiently (justified interest according to Art. 6 sec. 1 lit. f. GDPR).

salesforce is certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law, if data is processed in the USA. (

salesforce only uses user data for the technical processing of inquiries and does not pass it on to third parties. To use salesforce, you must provide at least a correct email address. A pseudonymous use is possible. In the course of processing user service requests, it may be necessary to collect additional data (name, address).

If users do not agree to the collection and storage of data in salesforce’s external system, we offer them alternative contact options for submitting service requests such as email, telephone, fax, or mail.

For more information, please see salesforce’s Privacy statement:


With the following information we inform you about the content of our newsletter as well as the registration, mailing and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with the reception and the described procedures.

Content of the newsletter: We send newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as “newsletter”) only with the consent of the recipient or a legal permission. If the contents of the newsletter is specifically described within the framework of registration, it is decisive for the consent of the user. In addition, our newsletters contain information about our services and us.

Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary, to ensure that nobody can register with external email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise the changes of your data stored with the service provider are recorded.

Registration data: To subscribe to the newsletter, it is sufficient to enter your email address. Optionally, we ask you to enter a name in the newsletter for the purpose of addressing you personally.

The sending of the newsletter and the performance measurement associated with it are based on the consent of the recipients according to Art. 6 sec. 1 lit. a, Art. 7 GDPR in conjunction with § 7 sec. 2 No. 3 UC or, if consent is not required, based on our legitimate interests in direct marketing according to Art. 6 sec. 1 lt. f. GDPR in connection with § 7 sec. 3 UC.

The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users and furthermore allows us to provide evidence of consent.

Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests, before deleting them, in order to be able to prove that we have previously given our consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Newsletter – performance measurement

The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel, which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from its server. Within the scope of this download, technical information, such as information about the browser and your system, as well as your IP address and time of the download are collected.

This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour using their access locations (which can be determined with the help of the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is, however, neither our intention nor, if used, that of the dispatch service provider, to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

A separate cancellation of the performance measurement is unfortunately not possible, and in this case the entire newsletter subscription must be cancelled.

Hosting and Email dispatch

The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services and technical maintenance services, which we use for the purpose of operating our online services.

For this purpose, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online service, respectively, on the basis of our legitimate interests in the efficient and safe delivery of this online service in accordance with Art. 6 sec. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).

Online presence in social media

We maintain an online presence within social networks and platforms in order to be able to communicate with customers, interested parties and users who are active there and to inform them about our services.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users’ rights. With respect to US vendors certified under the Privacy Shield, we would like to point out that they are committed to complying with EU privacy standards.

Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The user profiles can also be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users’ personal data is carried out on the basis of our legitimate interests in providing users with effective information and communicating with them in accordance with Art. 6 sec. 1 lit. f. GDPR. If the users are requested by the respective providers of the platforms to give their consent to the described data processing, the legal basis for the processing is Art. 6 sed. 1 lit. a., Art. 7 GDPR.

For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.

Also in the case of requests for information and the enforcement of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

– Facebook, Pages, Groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of a joint processing agreement – Privacy statement:,

speziell für Seiten: , Opt-Out: and, Privacy Shield:

– Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy statement:, Opt-Out:, Privacy Shield:

– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) –

Privacy statement/ Opt-Out:

– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) –

Privacy statement:, Opt-Out:, Privacy Shield:

– Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy statement / Opt-Out:

– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) –

Privacy statement , Opt-Out:, Privacy Shield:

– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany – Privacy statement / Opt-Out:

– Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Privacy statement / Opt-Out:

– Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) – Privacy statement / Opt-Out:

Incorporation of third-party services and content

Within the framework of our online offer, we act on the basis of our legitimate interests (i.e. interest regarding the analysis, optimisation and economic operation of our online offer as defined in Art. 6 sec. 1 lit. f. GDPR) and use third parties services in order to integrate their content and products into our website.

This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We strive to use only this content, of which the respective provider uses the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to other information from other similar sources.


We can integrate the videos of the platform “Vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy statement: We point out that Vimeo may use Google Analytics and refer to the Privacy statement ( as well as opt-out options for Google Analytics ( or the settings of Google for data use for marketing purposes (


We integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement:, Opt-Out:

Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement:, Opt-Out:

Typekit fonts from Adobe

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Art. 6 sec. 1 lit. f. GDPR), we integrate external “Typekit” fonts from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement, which guarantees compliance with European privacy laws (

Created with by RA Dr. Thomas Schwenke


This website uses the donation form of twingle GmbH, Prinzenallee 74, 13357 Berlin. The twingle GmbH provides the technical platform for the donation process for this donation form. The data you enter when making a donation (e.g. address, bank details, etc.) will only be stored by twingle on servers in Germany for the purpose of processing the donation.

We have concluded a contract with twingle for the processing of order data and when using the twingle donation form, we fully implement the strict requirements of the EU data protection regulation (GDPR) and the German data protection authorities.

Your data will be transmitted on the basis of Art. 6 sec. 1 lit. a GDPR (consent) and Art. 6 sec. 1 lit. b GDPR (processing for the fulfillment of a contract). If you have given your consent for data processing, you can revoke your consent at any time. A revocation does not affect the effectiveness of past data processing operations.

Use of Matomo

In the donation form of twingle, data is collected and stored in accordance with Art. 6 sec. 1 lit. f GDPR by using the web analysis service software Matomo (, a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”). The data is stored on the basis of twingle’s legitimate interest in the statistical analysis of user behaviour for optimization purposes in accordance with Art. 6 sec. 1 lit. f GDPR. From this data, pseudonymised user profiles can be created and evaluated for the same purpose. In this case cookies can be used. Cookies are small text files that are stored locally in the cache of the Internet browser of the page visitor. The cookies enable, among other things, the recognition of the Internet browser. The data collected using Matomo technology (including your pseudonymised IP address) is processed on twingle servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor of the website and is not merged with personal data about the holder of the pseudonym.