We deeply value the trust you place in us. This is why we treat your personal data with the utmost care and respect, whether you are a supporter, a visitor, or just browsing our website.
On this page, we provide an overview of how we process your personal data and outline the rights you have in this context.
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Zoologische Gesellschaft Frankfurt
Bernhard-Grzimek-Allee 1, 60316 Frankfurt, Deutschland
Representative of the controller:
TÜV SÜD Akademie GmbH
datenschutz@zgf.de
If you have any questions or suggestions regarding data protection, you may contact our Data Protection Officer at any time.
As a general rule, you can use our website without providing any personal data. However, if you wish to use certain services or features, it may be necessary for us to process personal data relating to you. Where there is no legal basis for such processing, we will, of course, obtain your consent.
The processing of personal data—such as your name, address, or email address—is always carried out in accordance with the General Data Protection Regulation (GDPR) and the applicable national data protection laws. With this Privacy Policy, we aim to provide you with transparent information about what data we collect, how we use it, and for what purposes.
We implement comprehensive technical and organizational measures to protect your data as effectively as possible. Nevertheless, please note that data transmission over the Internet may be subject to security vulnerabilities, and complete protection cannot be guaranteed. If you prefer, you may also provide your data to us via alternative means, such as by telephone or postal mail.
You can also take simple and practical steps to protect your data against unauthorized access by third parties.
We would therefore like to provide you with some guidance on how to handle your data securely:
- Protect your account (login, user, or customer account) and your IT systems (computer, laptop, tablet, or mobile device) with strong passwords.
- Only you should have access to your passwords.
- Make sure to use each password for only one account (login, user, or customer account).
- Do not reuse passwords across different websites, applications, or online services.
- In particular, when using publicly accessible or shared IT systems, always log out after each session on a website, application, or online service.
- Passwords should be at least 12 characters long and chosen so that they are not easy to guess. Therefore, avoid common words, your own name, or the names of relatives, and instead use a combination of uppercase and lowercase letters, numbers, and special characters.
This Privacy Policy is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our aim is to ensure that this Privacy Policy is easy to read and understand for the public, as well as for our customers and business partners. To achieve this, we would like to explain the terminology used in advance.
Personal Data
Personal data means any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific factors expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our organization).
Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Processor
A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Recipient
A recipient is a natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a particular inquiry under Union or Member State law shall not be regarded as recipients.
Third Party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressed by a statement or by a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them.
Article 6(1)(a) GDPR (in conjunction with Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG)) serves as the legal basis for processing operations for which we obtain your consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party—for example, processing operations required for the delivery of goods or the provision of other services or consideration—the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, such as responding to inquiries about our products or services.
If our organization is subject to a legal obligation requiring the processing of personal data—for example, to comply with tax obligations—the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be shared with a physician, hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) GDPR.
Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, where processing is necessary for the purposes of the legitimate interests pursued by our organization or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator, who considered that a legitimate interest may exist, for example, where you are a customer of our organization (Recital 47, sentence 2 GDPR).
This website uses SSL and/or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login credentials, or contact inquiries that you send to us as the website operator. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock symbol in your browser bar.
We use this technology to protect the data you transmit.
When you use our website for informational purposes only—i.e., if you do not register, otherwise provide us with information, or give consent to processing activities requiring consent—we only collect data that is technically necessary to provide the service. This typically includes data that your browser transmits to our server (so-called “server log files”).
Each time our website is accessed by you or by an automated system, a range of general data and information is collected and stored in the server log files. The following data may be collected:
Browser types and versions used,
The operating system used by the accessing system,
The website from which an accessing system reaches our website (so-called referrer),
The subpages accessed on our website via an accessing system,
The date and time of access to the website,
A truncated Internet Protocol address (anonymized IP address), and
The Internet service provider of the accessing system.
When using these general data and information, we do not draw any conclusions about your identity. Rather, this information is required in order to:
Deliver the content of our website correctly,
Optimize the content of our website and its advertising,
Ensure the long-term functionality of our IT systems and the technology of our website, and
Provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
Therefore, we analyze the collected data and information both statistically and with the aim of increasing data protection and data security within our organization, ultimately ensuring an optimal level of protection for the personal data we process. The anonymized data from the server log files is stored separately from any personal data provided by a data subject.
The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes for data collection listed above.
We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter “Hetzner”).
When you visit our website, your personal data (e.g., IP addresses stored in log files) is processed on Hetzner’s servers.
The use of Hetzner is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation, provision, and security of our website.
We have concluded a Data Processing Agreement (DPA) with Hetzner in accordance with Article 28 GDPR. This is a contract required under data protection law, which ensures that Hetzner processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
For more information on Hetzner’s data protection practices, please visit: https://www.hetzner.com/de/rechtliches/datenschutz
Cookies are small files that your browser automatically creates and that are stored on your IT system (e.g., laptop, tablet, smartphone) when you visit our website.
Information is stored in the cookie that results in each case from the context of the specific device used. However, this does not mean that we obtain direct knowledge of your identity.
The use of cookies serves to make your experience of our website more convenient. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we use temporary cookies to optimize user-friendliness, which are stored on your device for a defined period of time. If you visit our website again to use our services, it is automatically recognized that you have visited us before and which entries and settings you have made, so that you do not have to enter them again.
We also use cookies to statistically record the use of our website and to evaluate and optimize our offering for you. These cookies enable us to automatically recognize that you have previously visited our website when you return. These cookies are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.
The data processed by cookies that are necessary for the proper functioning of the website are required to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) GDPR.
For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) GDPR.
How to Prevent Cookies in Common Browsers
You can use your browser settings at any time to delete cookies, allow only selected cookies, or completely disable cookies. For more information, please refer to the support pages of the respective providers:
Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.
Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.
Borlabs Cookie (Consent Management Tool)
We use the WordPress cookie plugin “Borlabs Cookie” provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage the consent of website users for data processing.
Borlabs Cookie uses cookies to collect data generated by end users when they use our website. When a user provides consent, the following data is automatically recorded, among others:
Cookie duration,
Cookie version,
Domain and path of the WordPress website,
Selections made in the cookie banner,
UID (a randomly generated ID).
The consent status is also stored in the end user’s browser so that the website can automatically read and comply with the user’s consent for all subsequent page requests and future sessions for up to 12 months. Consent data (consent given and withdrawal of consent) is stored for three years. This retention period corresponds to the regular statutory limitation period pursuant to Section 195 of the German Civil Code (BGB). The data is then deleted immediately.
The functionality of the website cannot be ensured without the described processing. Users do not have the right to object as long as there is a legal obligation to obtain user consent for certain data processing activities, pursuant to Article 7(1) and Article 6(1), sentence 1, lit. c) GDPR.
The collected data is not transmitted to Borlabs GmbH, nor does Borlabs GmbH have access to it.
For more information, please visit: https://de.borlabs.io/borlabs-cookie/
Contact / Contact Form
When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your inquiry and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after your inquiry has been fully processed, provided that it can be inferred from the circumstances that the matter has been conclusively resolved and that no statutory retention obligations prevent deletion.
Application Management / Job Portal
We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically, in particular if applicants submit application documents electronically, for example via email or through a web form on our website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with applicable legal requirements. If no contract is concluded with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part prevent deletion. Such a legitimate interest may exist, for example, in the case of a burden of proof under the German General Equal Treatment Act (AGG).
The legal basis for processing your data is Article 6(1)(b), Article 88 GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (BDSG).
Mailjet
Transactional emails are sent via the service provider Mailjet. The provider is SAS Mailjet, 13-13 bis, rue de l’Aubrac, 75012 Paris, France.
The purpose of data processing is the distribution of newsletters. Mailjet may use your data in pseudonymized form (without direct attribution to a specific user) to optimize or improve its own services, for example for the technical optimization of sending and displaying newsletters or for statistical purposes. Mailjet will not contact you directly, nor will your data be shared with third parties.
The use of this service provider is based on Article 6(1)(f) GDPR and a Data Processing Agreement in accordance with Article 28 GDPR. The legal basis for processing your personal data in connection with the newsletter is your consent given through the double opt-in procedure pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.
If you do not wish to be analyzed by Mailjet, you must unsubscribe from the newsletter. A corresponding unsubscribe link is provided in every newsletter. You may also unsubscribe directly via our website.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter. After you unsubscribe, your data will be blocked both on our servers and on Mailjet’s servers for further newsletter distribution. If you also wish to have your data stored for newsletter purposes deleted, please let us know. Data stored by us for other purposes (e.g., email addresses for member accounts) remains unaffected.
For more information on Mailjet’s data protection practices, please visit: https://www.mailjet.de/privacy-policy/.
n order to communicate with you and inform you about our services via social networks, we maintain our own pages on these platforms. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform, within the meaning of Article 26 GDPR, for the processing operations triggered by your visit.
We are not the original provider of these pages but use them solely within the scope of the options made available to us by the respective providers.
We therefore point out, as a precaution, that your data may also be processed outside the European Union (EU) or the European Economic Area (EEA). This may result in data protection risks for you, as the enforcement of your rights (e.g., access, erasure, objection, etc.) may be more difficult, and processing within social networks is often carried out directly by the providers for advertising purposes or for analyzing user behavior, without our ability to influence this. If usage profiles are created by the provider, cookies are often used or your usage behavior is linked to your personal account on the respective social network.
The described processing of personal data is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest and the legitimate interest of the respective provider in communicating with you in a modern manner and informing you about our services. Where you are required to provide consent to the respective provider for data processing as a user, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.
As we do not have access to the providers’ data sets, we recommend that you assert your rights (e.g., access, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data in social networks can be found below for the respective providers we use:
(Joint) Controller for Data Processing in Europe:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland
Meta (Facebook) may, unless you object, process content of adult users from the EU—such as photos, posts, or comments—for the purpose of training its own AI models. This processing is based on a legitimate interest pursuant to Article 6(1)(f) GDPR. As an organization, we have no influence over this specific data processing carried out by Meta. Users can object to this processing via an online form provided on Meta’s platforms.
Privacy Policy (Data Policy): https://www.facebook.com/about/privacy
(Joint) Controller for Data Processing in Germany:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland
Meta (Instagram) may, unless you object, process content of adult users from the EU—such as photos, posts, or comments—for the purpose of training its own AI models. As an organization, we have no influence over this specific data processing carried out by Meta. This processing is based on a legitimate interest pursuant to Article 6(1)(f) GDPR. Users can object to this processing via an online form provided on Meta’s platforms.
Privacy Policy (Data Policy):
https://instagram.com/legal/privacy/
(Joint) Controller for Data Processing in Europe:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland
Privacy Policy:https://www.linkedin.com/legal/privacy-policy
(Joint) Controller for Data Processing in Europe:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
We have integrated the Matomo component provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a web analytics software used to collect, gather, and evaluate data about the behavior of visitors to websites. Among other things, data is collected regarding the website from which a data subject accessed our website (so-called referrer), which subpages were accessed, how often, and for what duration a subpage was viewed. This is used to optimize the website and to perform cost-benefit analyses of online advertising.
The software is operated on the server of the controller, and the log files containing potentially sensitive data are stored exclusively on this server.
Matomo sets a cookie on your IT system. By setting this cookie, we are able to analyze the use of our website. Each time one of the individual pages of this website is accessed, the internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the data subject, which helps us, among other things, to trace the origin of visitors and clicks.
By means of the cookie, personal information such as the time of access, the location from which access originated, and the frequency of visits to our website is stored. Each time you visit our website, this personal data, including the IP address of the internet connection you use, is transmitted to our server. This personal data is stored by us. We do not pass this personal data on to third parties.
These processing operations are carried out exclusively on the basis of your explicit consent in accordance with Article 6(1)(a) GDPR.
You can find Matomo’s privacy policy at: https://matomo.org/privacy/.
This website also uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Analytics uses cookies and similar technologies to collect, among other things, the IP address (in truncated, anonymized form), information about the device used, the date and time of the visit, and the pages accessed. The data collected in this way is used to statistically evaluate the use of the website in order to further develop and improve our services in a user-friendly manner.
Google Analytics is used only with your prior explicit consent (Article 6(1)(a) GDPR), which you provide via our cookie consent tool. Without your consent, no Google Analytics tracking will take place.
We have configured IP address processing so that IP addresses are anonymized before storage, thereby preventing any direct personal identification. A Data Processing Agreement (DPA) with Google has been concluded, or alternatively, Google’s data processing terms for analytics and advertising products apply.
The default data retention period set by Google is 14 months. In addition, personal data is retained only for as long as necessary to fulfill the purpose of processing. The data is deleted as soon as it is no longer required for that purpose.
Google’s parent company, Google LLC, is certified under the EU–U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45 GDPR is therefore in place, meaning that personal data may be transferred without additional safeguards or measures.
For more information on how Google processes data, please refer to Google’s privacy notice at: https://support.google.com/analytics/answer/12017362?hl=de.
You can disable the collection of data generated by cookies and related to your use of the website at any time via your cookie settings or by using an appropriate browser add-on.
This website also uses Google Tag Manager provided by Google Ireland Limited. Google Tag Manager is a tool used to manage website tags (small code snippets), such as analytics or marketing tags.
Google Tag Manager itself does not set any tracking cookies and does not store any personal data. It is used solely for the technical purpose of loading tracking scripts (e.g., Google Analytics).
The following also applies to Google Tag Manager: it is only activated if you have given your prior explicit consent. Without your consent, no tracking scripts that process personal data will be loaded via the Tag Manager.
Legal Basis & Withdrawal of Consent
The use of Google Analytics and Google Tag Manager is based on your consent pursuant to Article 6(1)(a) GDPR. You may change or withdraw your consent at any time via the cookie consent tool on this website, without affecting the lawfulness of processing carried out based on consent before its withdrawal.
For further information about Google Tag Manager and Google’s privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.
We have integrated Google Ads on this website. The service provider for Google Ads is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
We use Google Ads to advertise this website in Google search results and on third-party websites. For this purpose, Google places a cookie on your device’s browser, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited.
Any further data processing only takes place if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads you see on the web. In such cases, if you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked with Google Analytics data to form target audiences.
These processing operations are carried out exclusively on the basis of your explicit consent in accordance with Article 6(1)(a) GDPR.
Google’s parent company, Google LLC, is certified under the EU–U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45 GDPR is therefore in place, meaning that personal data may be transferred without additional safeguards or measures.
You can find Google Ads’ privacy policy and further information at: https://www.google.com/policies/technologies/ads/
We use the reCAPTCHA function on this website. The service provider for Google reCAPTCHA is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The reCAPTCHA function is primarily used to determine whether input is made by a natural person or abusively by automated processing. The service also includes the transmission of the IP address and, where applicable, other data required by Google for the reCAPTCHA service to Google.
These processing operations are carried out exclusively on the basis of your explicit consent in accordance with Article 6(1)(a) GDPR.
Google’s parent company, Google LLC, is certified under the EU–U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45 GDPR is therefore in place, meaning that personal data may be transferred without additional safeguards or measures.
For further information about Google reCAPTCHA and Google’s privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.
Our website uses so-called web fonts to ensure a consistent display of fonts. Google Web Fonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
These processing operations are carried out exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR.
The parent company, Google LLC, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, allowing the transfer of personal data without additional safeguards or supplementary measures.
Further information on Google Web Fonts and Google’s privacy policy can be found at: https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.
We integrate the podcast hosting service Podigee on our website. The provider is Podigee GmbH, Revaler Straße 28, 10245 Berlin, Germany. Podcasts are either loaded directly from Podigee or transmitted via Podigee.
The service does not use cookies. However, a connection to Podigee is established. In this context, Podigee processes, among others, the following data:
IP address,
referrer URL,
device information,
accessed podcast
No user profiles are created. The data is stored by Podigee only for as long as necessary to achieve the respective purposes and as permitted by law.
Where consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. We also have a legitimate interest in the uncomplicated integration of media content and its analysis in order to optimize our services, pursuant to Art. 6(1)(f) GDPR.
Further information about the service can be found at: https://www.podigee.com/de/about/privacy/.
Plugins of the video portal Vimeo, provided by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, are integrated into our website. When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Vimeo’s servers. The content of the plugin is transmitted directly from Vimeo to your browser and embedded into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted directly from your browser to a server of Vimeo in the USA and stored there.
This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, allowing the transfer of personal data without additional safeguards or supplementary measures.
If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. If you interact with the plugins (for example, by clicking the play button of a video), this information is also transmitted directly to a server of Vimeo and stored there.
For videos from Vimeo embedded on our website, the tracking tool Google Analytics is automatically integrated. This is Vimeo’s own tracking, over which we have no access and which we cannot influence. Google Analytics uses so-called “cookies”, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a server of Google in the USA and stored there.
These processing operations are carried out exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR.
Vimeo’s privacy policy can be accessed at: https://vimeo.com/privacy
We have integrated components of YouTube on this website. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
YouTube is an online video portal that allows video publishers to upload video clips free of charge and enables other users to view, rate, and comment on these videos, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and television programs, as well as music videos, trailers, and user-generated content, can be accessed via the internet portal. Each time one of the individual pages of this website, which is operated by us and on which a YouTube component (YouTube video) has been integrated, is accessed, the internet browser on your IT system is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. In addition, services such as Google Web Fonts, Google Video, and Google Photo may be loaded. Further information about YouTube is available at https://www.youtube.com/yt/about/de/
. As part of this technical process, YouTube and Google obtain knowledge of which specific subpage of our website you have visited.
If you are logged into YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting when you access a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google receive information via the YouTube component that you have visited our website whenever you are logged into YouTube at the time of accessing our website; this occurs regardless of whether you click on a YouTube video or not. If you do not wish such information to be transmitted to YouTube and Google, you can prevent this by logging out of your YouTube account before accessing our website.
These processing operations are carried out exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR.
The parent company, Google LLC, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, allowing the transfer of personal data without additional safeguards or supplementary measures.
You can access YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.
For the purpose of processing payments, we transmit the data required for this purpose to our payment service provider. The transfer is carried out exclusively for the proper processing of payments (Art. 6(1)(b) GDPR).
You also have the option to gift a sponsorship. In this case, we process personal data of the recipient exclusively if and as soon as the recipient has consented to the processing of their data (Art. 6(1)(a) GDPR). The gift sponsorship only becomes effective upon such consent.
If you make an online donation or conclude a sponsorship or membership, your data will be securely transmitted to us using up-to-date encryption technologies (e.g. TLS/SSL).
For the processing of online donations, we use the donation forms of FundraisingBox, a service provided by Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany.
A data processing agreement pursuant to Art. 28 GDPR has been concluded with the service provider. Wikando GmbH processes personal data exclusively on our instructions and solely for the purpose of the technical processing of your donation.
For the processing of your donation, we collect the data required for this purpose, in particular your name, your address, and payment information (e.g. bank details or credit card data). After submitting the form, you will receive a confirmation of the donation process by email.
Further information on data protection at FundraisingBox can be found at:
https://fundraisingbox.com/privacy/
Neon One – Donations to FZS US
For the processing of donations to FZS US, we use the service provider Neon One, LLC, 4545 N Ravenswood Ave, 2nd Floor, Chicago, IL 60640, USA. Neon is part of Databricks, Inc., San Francisco, CA.
Neon One acts as a processor pursuant to Art. 28 GDPR and processes personal data on our behalf.
In the context of donation processing, the following data in particular is processed:
name, contact details (e.g. email address, address), as well as donation-related information.
Processing is carried out for the purpose of executing the donation on the basis of Art. 6(1)(b) GDPR.
In this context, personal data may be transferred to the USA. The USA does not provide a level of data protection comparable to that of the EU.
The provider is certified under the EU-U.S. Data Privacy Framework; therefore, the transfer is based on this framework. In addition, standard contractual clauses of the European Commission may be concluded.
Further information on data protection at Neon One can be found at:
https://neon.tech/privacy-guide
Our website may contain links to websites of other providers. Please note that this privacy policy applies exclusively to the websites of the Zoological Society Frankfurt. We have no influence over and do not monitor whether other providers comply with the applicable data protection regulations.
We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal provisions to which our company is subject.
If the purpose of storage ceases to apply or if a prescribed retention period expires, the personal data will be routinely restricted or erased in accordance with the statutory provisions.
Sie haben das Recht, von uns jederzeit auf Antrag eine Auskunft über die von uns verarbeiteten, Sie betreffenden personenbezogenen Daten im Umfang des Art. 15 DSGVO zu erhalten. Hierzu können Sie einen Antrag postalisch oder per E-Mail an die unten angegebenen Adressen stellen.
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed.
You have the right to obtain from us, at any time and free of charge, information about the personal data stored concerning you, as well as a copy of such data, in accordance with the statutory provisions.
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
You have the right to request that we erase personal data concerning you without undue delay, provided that one of the statutory grounds applies and insofar as the processing or storage is not necessary.
You have the right to request the restriction of processing from us where one of the statutory conditions is met.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, to whom the personal data have been provided, where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) (processing in the public interest) or (f) (processing based on a balancing of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defence of legal claims.
In individual cases, we process personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object by automated means using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of your personal data.
You have the right to obtain information about the personal data stored concerning you, as well as the right to rectification of inaccurate data, restriction of processing, and erasure.
If you have any questions regarding the processing of your personal data, wish to request correction or erasure, or have further questions about the use of the personal data you have provided to us, you may contact our external Data Protection Officer directly, who is also available in the case of access requests, applications, or complaints.
This privacy policy is currently valid and was last updated in: March 2026.
Due to the further development of our website and services or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed at any time on our website at https://fzs.org/en/privacy-policy/