Forests for Future

Developing forest landscapes for livelihoods and climate adaptation in Southwest Ethiopia

Privacy and Cookie Policy

The Nature and Biodiversity Conservation Union e.V. (NABU)

This privacy policy describes the processing of personal data when using the Forests for Future website ( It also explains the choices you have about your personal information (“your rights”) and how you can contact us.

I. Who is responsible and how can I contact the Data Protection Representative?

The person responsible within the meaning of the GDPR (General Data Protection Regulation) is

NABU (The Nature and Biodiversity Conservation Union Germany) e.V.
Charitéstraße 3
1011 Berlin

Tel. +49 (0) 30-28 49 84-0
Fax +49 (0) 30-28 49 84-20 00

Register court: Amtsgericht Stuttgart | Register number: VR 2303
VAT identification-No.: DE 155765809

President: Jörg-Andreas Krüger, Managing Director: Susanne Baumann

If you have any questions about the processing of your personal data by us or about data protection in general, please contact our data protection representative at the following e-mail address:

II. Your rights as person concerned

Each affected person has the following rights:

  • Right of access by the data subject (Art. 15 GDPR),
  • Right of rectification (Art. 16 GDPR),
  • Right of erasure, or better, a „right to be forgotten“ (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right for data portability (Art. 20 GDPR).

You can object to the processing of personal data for advertising purposes including an analysis of customer data for advertising purposes at any time without stating reasons.

In addition, the person concerned also has a general right to object (cf. Art. 21 (1) GDPR). In this case, the objection against data processing must be substantiated. If the data processing is based on consent, your consent can be revoked at any time with effect for the future.
The easiest way to exercise your rights of objection is to contact If you would like to have a secure transmission, please contact us by post. For all other data protection concerns, especially confidential ones, you can contact our external data protection officer, Dr. Stefan Drewes, directly via the e-mail address

III. Processing of personal data by NABU

Below we would like to give you an overview of how we ensure the protection of your personal data when accessing our website and which types of personal data we process for which purposes and to what extent.

1. Processing of data when accessing our website – Log files

When you access our website, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. In addition, the IP address is transmitted and used to offer the service you have requested. This information is technically necessary for the correct delivery of content requested by you from websites and is mandatory when using the internet.
This log file data is anonymised by us immediately after the end of the usage process or stored for a period of around two weeks in order to recognise and analyse any attacks against our website, after which it is deleted. Legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR.

2. Processing of data when using the website – your enquiries

If you send us an inquiry by e-mail or via the contact form, we will collect the data you provide for handling and answering your request. We store this information for a period of three to eleven years due to statutory retention periods for verification purposes. The legal basis for data processing is Art. 6 Para. 1 lit. b) in the case of pre-contractual/contractual relations and/or otherwise f) GDPR.

3. Processing of data when using the website – watching YouTube videos

Our website contains videos provided by the platform YouTube, which is operated by Google (Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland). The platform is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

To be able to play YouTube videos you have to accept that YouTube is processing some of your data. If you accept, the video is activated and a connection is established to YouTube’s servers which are mostly outside of the EU/EEA. A lower level of data protection is therefore possible. The established connection will inform the YouTube server which of our pages you have visited. However, the YouTube videos are embedded in the enhanced privacy mode provided by YouTube, so that the data processing by YouTube is limited and no cookies are set.

If you are logged in to your YouTube account, YouTube might directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers and with your consent according to Art. 6 Para. 1 lit. a GDPR. We only record the extent to which YouTube videos integrated into our site are accessed and delete this data when we have no further use.

Further information on the handling of user data can be found in YouTube’s data protection declaration at:

4. Possible recipients of your data

Within the organisation of the data controller, only those entities that need access to your data will be given access to your data in order to fulfil their tasks. The need derives from our contractual and legal obligations as well as on the basis of the consideration of interests, taking into account the respective data category. Service providers employed by the responsible party may also receive data for these purposes if they are commissioned as processors in accordance with Art. 28 GDPR.

Possible recipients of personal data are for example:

  • national and international environmental protection organisations within the framework of global strategies and global environmental protection connected to the project ‘Forests for Future’;
  • Cooperation partners with whom joint actions and projects (e.g. participatory campaigns) are carried out online or by means of print products;
  • public bodies and institutions (e.g. regulatory and investigative authorities, financial authorities, Federal Central Tax Office) when there is a legal or official obligation or cooperation;
  • Funding/third-party funding bodies, provided that the action, event or similar is financed by funds/third-party funding;
  • other credit and financial services institutions;
  • Contract processors, for the support/maintenance of EDP/IT applications, archiving, document processing, compliance services, controlling, data screening in accordance with legal requirements, printing and sending personalised letters, sending e-mails, data destruction, auditing services and payment transactions;
  • other data recipients on the basis of a consent given by you.

5. Transfer of data to a third country or international organisation

A data transfer to countries outside the EU or the EEA (so-called third countries) is only carried out if this is necessary for the execution of your requests, if it is required by law (e.g. tax reporting obligations), if you have given us your consent or within the scope of a commissioned data processing. If third country service providers are used, in addition to written instructions, they must take appropriate measures (e.g. agreement on the EU standard contractual clauses) to comply with the level of data protection in Europe.

IV Our cookie policy

A website can use so-called cookies. Cookies are small text files that are stored on your terminal and stored by your browser. They serve to make websites more user-friendly, more effective and safer. There are so-called temporary cookies, which are automatically deleted when you close your browser (“session cookies”), as well as persistent (permanent) cookies.
We do not use any cookies on our website.

V Notes on ensuring data security

We take technical and operational security precautions on our pages in order to protect the personal data stored with us against access by third parties, loss or misuse and to enable secure data transfer. In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (certified SSL) via HTTPS.

We must point out that due to the structure of the internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or other means. Without appropriate protective measures, unencrypted data in particular can be read by third parties, even if this is done by e-mail.

We must point out that due to the structure of the internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or other means. Without appropriate protective measures, unencrypted data in particular can be read by third parties, even if this is done by e-mail.

VI Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.

January 2022

Share in Social Media