Privacy and Cookie Policy

Nature and Biodiversity Conservation Union e.V. (NABU)

This privacy policy describes the processing of personal data when using the Lake Tana Biosphere Reserves website ( It also explains the choices you have about your personal information (“your rights”) and how you can contact us.

I. Who is responsible and how can I contact the Data Protection Representative?

The person responsible within the meaning of the GDPR (General Data Protection Regulation) is the

NABU (Nature and Biodiversity Conservation Union Germany) e.V.
Charitéstraße 3
10117 Berlin

Tel. +49 (0) 30-28 49 84-0
Fax +49 (0) 30-28 49 84-20 00

Register court: Amtsgericht Stuttgart | Register number: VR 2303
VAT identification-No.: DE 155765809

President: Olaf Tschimpke, Managing Director: Leif Miller

If you have any questions about the processing of your personal data by us or about data protection in general, please contact our data protection representative at the following e-mail address:

II. Your rights as person concerned

  • Each affected person has the following rights:
  • Right of access by the data subject (Art. 15 GDPR),
  • Right of rectification (Art. 16 GDPR),
  • Right of erasure, or better, a „right to be forgotten“ (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right for data portability (Art. 20 GDPR).

You can object to the processing of personal data for advertising purposes including an analysis of customer data for advertising purposes at any time without stating reasons.

In addition, the person concerned also has a general right to object (cf. Art. 21 (1) GDPR). In this case, the objection against data processing must be substantiated. If the data processing is based on consent, your consent can be revoked at any time with effect for the future.

The easiest way to exercise the rights of a person concerned is to contact In addition, you have the right to lodge a complaint with the data protection supervisory authority responsible for you.

III. Processing of personal data by NABU

Below we would like to give you an overview of how we ensure the protection of your personal data when accessing our website and which types of personal data we process for which purposes and to what extent.

1. Processing of data when accessing our website – Log files

When you access our website, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. In addition, the IP address is transmitted and used to offer the service you have requested. This information is technically necessary for the correct delivery of content requested by you from websites and is mandatory when using the internet.

This log file data is anonymised by us immediately after the end of the usage process or stored for a period of around two weeks in order to recognise and analyse any attacks against our website, after which it is deleted. Legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR.

3. Processing of data when using the website – your enquiries

If you send us an inquiry by e-mail or via the contact form (Plugin Contact Form 7), we collect your data for the processing and response to your request. We store this information for verification purposes over a period of up to two years. The Contact Form 7 Honeypot plugin is used as a spam filter. Legal basis for data processing Art. 6 para. 1 lit. f) GDPR. The transmission via the form is ecrypted.

4. Subscription to an e-mail newsletter

You have the possibility to subscribe to a NABU newsletter about our work in Ethiopia. Some newsletters are sent directly from Ethiopia, a third country with a lower level of data protection than in the EU. Therefore, we cannot guarantee the complete protection of your data necessary for the dispatch (e-mail address, if necessary name) despite all measures on our part. If you subscribe to the newsletter, you explicitly consent to the processing of your data for the purpose of sending the newsletter.
For the registration to our newsletter we use the so-called Double-Opt-In procedure. This means that we will send you a confirmation e-mail to the given e-mail address after you have entered your e-mail address, in which we will ask you to confirm that you wish the newsletter to be sent. If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe. This storage serves the purpose of being able to send you the newsletter. In addition, we store your request and, if applicable, IP addresses and the dates of your registration each time you register and confirm it in order to prevent misuse of your personal data and to be able to provide proof of correct sending. The legal basis for the processing of your personal data for sending the e-mail is Art. 6 para. 1 lit. a) GDPR or, in the case of direct dispatch from Ethiopia, Art. 49 para. 1 lit. a) GDPR.

The e-mail address is the only mandatory information for sending the newsletter. You have the right to revoke your consent to the sending of the newsletter at any time. Your revocation does not affect the lawfulness of the processing of your personal data until revoked. You can declare your revocation by sending a message to the consignor of the newsletter, using the contact form on the website or by sending a message to the contact details given in the imprint.

5. Possible recipients of your data

Your data will not be passed on to third parties.
Recipients of the data may be technical service providers who, in our legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR, act as contract processors for the operation, maintenance and, if applicable, the expansion of our website. Here an access to your data can be possible; therefore all service providers are contractually obligated to the adherence to the data security. Should this access exceptionally take place beyond the European Economic Area, appropriate data protection guarantees will be provided.

IV Integration of external services

1. Integration of Facebook News Feed & Co.

Our website uses a plug-in order to imbed the news feed of our Facebook fanpage on (Facebook Inc. (“Facebook”), 1601 South California Avenue, Palo Alto, CA 94304, USA). The purpose of this plug-in is to provide you with an opportunity to receive our latest news and other interesting information. You have to actively agree that the news feed of our Facebook fanpage is displayed in order to make sure that no data transfer takes place when you simply visit the website. Only when you agree your browser establishes a direct connection with the servers of Facebook. The content of the plug-in is transmitted through Facebook directly to your browser and integrated into the website by it. Facebook is also located outside the EU/EEA, we cannot therefore exclude the possibility that your data may be transferred to a server outside the EU/EEA and processed there. We have no influence on the scope or the period of use of the data that the respective network collects with the help of this plug-in and therefore inform you according to our state of knowledge:

As a result of your agreement, Facebook receives the information that you have called up the corresponding page of our website. If you are logged in to Facebook, it can assign this information to your profile. If you do not want Facebook to collect information about your visit to our website, you must therefore log out beforehand. However, there is always the possibility that Facebook may find out your IP address and save it even though you have not registered or logged in there.

Facebook might store the data collected about you as user profiles and use these for the purposes of advertising, market research and/or the needs-based design of its services. Such an evaluation is carried out in particular (also for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles by Facebook.

The legal basis for the use of the plug-in is Art. 6 Para. 1 S. 1 lit. a GDPR. The purpose, duration and scope of the data collection and the further processing and use of your data as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection information of Facebook:

2. Integration of YouTube

Our website uses plug-ins from the YouTube page operated by Google (Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland). The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube’s servers. This will tell the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers and thus on the basis of Art. 6 Para. 1 lit. f GDPR. We only record the extent to which YouTube videos integrated into our site are accessed and delete this data when we have no further use.

Further information on the handling of user data can be found in YouTube’s data protection declaration at: .

V Our cookie policy

1. General information on the use of cookies

Our website uses so-called cookies. Cookies are small text files that are stored on your terminal and stored by your browser. They serve to make our offers more user-friendly, more effective and safer. We use so-called temporary cookies, which are automatically deleted when you close your browser (“session cookies”), as well as persistent (permanent) cookies.

You have the choice whether you want to allow the setting of cookies or not. You can make changes in your browser settings. You can choose whether you want to accept all cookies, be informed when cookies are set or reject all cookies. If you choose the latter option, it is possible that you may not be able to make full use of our services, e.g. your learning progress will not necessarily be saved.

When cookies are used, a distinction must be made between the mandatory cookies and those required for further purposes (measurement of access figures, advertising purposes).

2. Mandatory required cookies when using the website

We use session cookies on our websites, which are absolutely necessary for the use of our websites. This includes cookies that enable us to recognize you while you are visiting the site during a single session. These session cookies contribute to the safe and user-friendly use of our services by, for example, temporarily storing the learning progress achieved.

3. Use of cookies with your consent

We do not use any other cookies, so we do not obtain your consent to do so.

VI Notes on ensuring data security

We take technical and operational security precautions on our pages in order to protect the personal data stored with us against access by third parties, loss or misuse and to enable secure data transfer. In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (certified SSL) via HTTPS.

We must point out that due to the structure of the internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or other means. Without appropriate protective measures, unencrypted data in particular can be read by third parties, even if this is done by e-mail.

We must point out that due to the structure of the internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or other means. Without appropriate protective measures, unencrypted data in particular can be read by third parties, even if this is done by e-mail.

VII Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.

July 2019, translated from the German version of July 2019