Data Protection Agreement
In the course of your activity as an active ECG member in the association and/or in a ECG partner association with an ECG account, you may become aware of personal data – for example of association members, donors, signatories and interested parties as well as employees of organisations of any legal form. In particular, you can also gain knowledge of opinions and possible political attitudes that are particularly worthy of protection under data protection law.
You are obliged to observe data protection in your work for the association and/or the respective GWÖ partner association and the movement. Violations against this can be punished by a fine, a fine or imprisonment depending on the severity of the violation as well as justifying private claims for damages. In addition, they may also be punished under labour law.
All personal data are subject to the legal data protection and are to be treated carefully and confidentially by you. Also the ECG internal documents and information that become accessible to you through the use of your ECG account are to be treated sensitively. In addition, they are – unless they are explicitly marked as public – to be used internally by ECG only.
Your duties with regard to data protection are in particular:
- You may only process personal data (e.g. read, sort, use as addresses…) if there is a legal basis for doing so, e.g. for administration in the context of membership or to fulfil a task as an active*r.
- You may only process it to the extent and in the manner necessary to fulfil the tasks assigned to you. Any other use of the data, e.g. for your own professional or private purposes, is not permitted.
- It is not permitted to share the information with others outside of these purposes. Particularly sensitive data may only be processed to a very limited extent (e.g. bank details, information on ideological or sexual orientation). In particular, the duty of care against unauthorised disclosure (e.g. not storing on an unencrypted hard disk) and the prohibition of disclosure apply here.
- You are obliged to provide the association and/or the ECG partner association or corresponding bodies of the movement with all data that you process on behalf of the association and/or the respective ECG partner association and the movement at any time upon request. Further principles that you must observe are explained in the attachment attached to this declaration.
- You are obliged to read the appendix and to observe the mentioned regulations to the best of your knowledge. In case of any ambiguity, please contact the board. Confidentiality does not extend to such knowledge that is accessible to everyone.
To ensure confidentiality, please take the following measures:
- We expressly point out that all personal data must be processed as far as possible in the tools provided by ECG, as these ensure security on the part of ECG-IT.
- Downloading to your own computer and further processing in other programs is to be avoided. If it should be necessary, the responsibility for security is transferred to you personally. This data must then be processed securely so that it is protected against destruction, loss, unintentional modification and unauthorized disclosure. This also and especially applies to printouts.
- You are obliged to keep the access data for viewing and entering data via the Internet secret.
- It is not permitted to pass on this data – not even in the context of a possible representation. In the case of representation, a person must be sought for whom an ECG account with a corresponding signed data protection declaration also exists.
When you end your data processing activity for the association and/or the respective ECG partner association and movement you have to return all personal data that you have stored within the scope of this activity at that time to the association and/or the respective ECG partner association and/or the respective bodies of the movement of the association and/or the respective ECG partner associations. This applies in particular to function/group mailboxes and corresponding orderers in the data cloud for which you were responsible. You must reliably delete all copies of all data carriers that are in your personal possession. Confirm the deletion process in a documentable form to the person responsible for data protection in your organizational unit.
- We explicitly point out that the Ecogood IT systems are made available to you to fulfill your duties within the organization and are not intended for primarily private data.
- It goes without saying, but we explicitly point out that only legal data is allowed in our systems.
- Your general obligation of secrecy and similar legal obligations resulting from the employment contract and the work regulations are not affected by this declaration.
- Your obligation to maintain data protection will continue even after you have left the association and/or the respective ECG partner association or the corresponding bodies of the movement of the association and/or the respective ECG partner associations. Please save this declaration or print it out so that you are always aware of your obligations.
By agreeing to this declaration in the application you confirm that you have been informed about the legal provisions on data protection that result from it for you and that you agree with the above mentioned obligations.
Hamburg, 4. June 2020