Privacy policy

Data protection information on data processing according to the GDPR (Privacy Policy).

With the following information, the website controller (hereinafter “Controller”) provides you with an overview of the processing of your personal data in accordance with the GDPR when using the Controller’s websites.

I. Who is responsible and how can I contact the data protection officer?

The controller for the processing of your personal data is:

NABU (Naturschutzbund Deutschland) e.V.
Charitéstraße 3
10117 Berlin
Tel.:  +49(0)30-284984-0
Fax:  +49(0)30-284984-2000

President: Jörg-Andreas Krüger, Managing Director: Leif Miller
Register court: Stuttgart Local Court | Register number: VR 2303
Sales tax identification no.: DE 155765809

If you have any questions about the processing of your personal data by us, about data protection in general and about the assertion of your data subject rights, please contact us at the above address or at the e-mail address In the case of desired secure transmission, please contact us by post. For all other data protection concerns, in particular confidential ones, you can contact our external data protection officer directly via the e-mail address

II. Your rights as a data subject

Jede betroffene Person hat folgende Rechte:

  • Right of access (Art. 15 GDPR),
  • Right to rectification of inaccurate data (Art. 16 GDPR),
  • Right to erasure or a right to be “forgotten” (Art. 17 GDPR),
  • Right to restrict the processing of personal data (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR).

You may object to the processing of personal data for advertising purposes, including an analysis of customer data for advertising purposes, at any time without giving reasons.

In addition, the data subject also has a general right of objection (cf. Art. 21 (1) GDPR). In this case, the objection to data processing must be substantiated. If data processing is based on consent, your consent can be revoked at any time with effect for the future.

To exercise your data subject rights, the easiest way is to contact In addition, you have the right to lodge a complaint with the data protection supervisory authority responsible for you.

III. Processing of personal data by NABU

In the following, we would like to give you an overview of how we ensure the protection of your personal data when you access our website and use our offers, and what types of personal data we process as the responsible party, for what purposes and to what extent.

1. Processing of data when accessing our website – log files

When accessing our website, also with the help of the static QR codes, which serve as a graphic image for forwarding to the URL of the thematic sub-pages, information of a general nature is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and similar. In addition, the IP address is transmitted and used to enable you to use the service you have requested. This information is technically necessary in order to correctly deliver the contents of web pages requested by you and is mandatory when using the Internet.

This log file data is anonymised or deleted by us immediately after the end of the usage process. The legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR.

In accordance with our IT security concept, the resulting log file data is stored for a period of two weeks in order to detect and analyse any attacks against our website. The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.

2. Processing of data when using the website – your requests

If you send us an enquiry by e-mail, we collect the data you provide for the purpose of processing and responding to your request. If necessary, we store this information for a period of three to eleven years due to legal retention periods for verification purposes. The legal basis for data processing is Art. 6 para. 1 lit. b) in the case of pre-contractual/contractual relationships and/or otherwise f) GDPR.

3. Notes on ensuring data security

We take technical and operational security precautions on our pages to protect the personal data stored with us from access by third parties, loss or misuse and to enable secure data transfer.

For example, all pages are accessed via an encrypted SSL connection, and in the case of data transmission (e.g. via online forms), your data is transmitted via this connection. You can recognise this transmission by a closed lock in the status bar of your internet browser. Your data is encrypted on the way from your computer to us and can only be read again on our server. A security certificate confirms the authenticity.

We must point out that, due to the structure of the Internet, unauthorised access to data by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or in any other way. Without appropriate protective measures, unencrypted data in particular, even if transmitted by e-mail, can be read by third parties.

IV. Processing of personal data through the integration of services and cookies

In the following, we would like to give you an overview of which third-party services and cookies we integrate into our website in order to enable necessary functions as well as to make our site more attractive and interesting and to better convey information.

1. General information on the use of cookies

Our website uses so-called cookies. Cookies are small text files that are stored on your terminal device and saved by your browser. They serve different purposes and can be temporary, so that they are automatically deleted when you close your browser (“session cookies”), or persistent (permanent), so that they are only deleted by deleting all cookies via the browser settings. When using cookies, a distinction must also be made between cookies that are absolutely necessary (e.g. to enable the functions of the website) and those for more extensive purposes (measuring access figures, advertising purposes). On our website, we only use mandatory cookies according to § 25 (2) S. 1. TTDSG, so that consent via a cookie content management system (known as a “cookie banner”) is not necessary.

2. Integration of Polylang – Plugin and Cookie

To make our website multilingual, we use the WordPress plugin Polylang by WP SYNTEX, (28, rue Jean Sebastien Bach, 38090 Villefontaine, France).

We write posts and pages, create categories and keywords (tags) as usual and then define the language for each of them so that correct pages can be displayed when you select the language. For the sole purpose of recognising and recording the language you use or choose, Polylang sets the cookie “pll_language”. This cookie is stored for one year and is then deleted.

V. Change to our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.

As of: November 2021