On behalf of Kafa Biosphere Reserve:
The Nature and Biodiversity Conservation Union (NABU)
Charitéstraße 3
D-10117 Berlin, Germany


Website Content and Structure

Catherine Townsend

Design, Programming, CMS

Jochen Vorfelder / Sustainable Media



We would kindly like to thank the following people for generously allowing us to use their photos:

Alexandros Magarikakis
Bruno D'Amicis
Ioana Muntenescu
Jochen Vorfelder
Julia Näckel
Michael Jungmeier
NABU/ Bianca Schlegel
NABU/ Daniela Tunger
NABU/ Jan Schormann
NABU/ Marlen Krause
NABU/ Mesfin Tekle
NABU/ Svane Bender
Reiner Klingholz
Steve Döschner


The Nature and Biodiversity Conservation Union e.V. (NABU)
This privacy policy describes the processing of personal data when using the Kafa Coffee Biosphere Reserve website ( It also explains the choices you have about your personal information ("your rights") and how you can contact us.

I. Who is responsible and how can I contact the Data Protection Representative?
The person responsible within the meaning of the GDPR (General Data Protection Regulation) is the

NABU (The Nature and Biodiversity Conservation Union Germany) e.V.
Charitéstraße 3
D-10117 Berlin, Germany

Tel. +49 (0) 30-28 49 84-0
Fax +49 (0) 30-28 49 84-20 00

Register court: Amtsgericht Stuttgart | Register number: VR 2303
VAT identification-No.: DE 155765809

President: Jörg-Andreas Krüger, Managing Directors: Susanne Baumann, Leif Miller

If you have any questions about the processing of your personal data by us or about data protection in general, please contact our data protection representative at the following e-mail address:

II. Your rights as person concerned
Each affected person has the following rights:
• Right of access by the data subject (Art. 15 GDPR),
• Right of rectification (Art. 16 GDPR),
• Right of erasure, or better, a „right to be forgotten" (Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right for data portability (Art. 20 GDPR).

You can object to the processing of personal data for advertising purposes including an analysis of customer data for advertising purposes at any time without stating reasons.

In addition, the person concerned also has a general right to object (cf. Art. 21 (1) GDPR). In this case, the objection against data processing must be substantiated. If the data processing is based on consent, your consent can be revoked at any time with effect for the future.

The easiest way to exercise the rights of a person concerned is to contact In addition, you have the right to lodge a complaint with the data protection supervisory authority responsible for you.

III. Processing of personal data by NABU
Below we would like to give you an overview of how we ensure the protection of your personal data when accessing our website and which types of personal data we process for which purposes and to what extent.

1. Processing of data when accessing our website - Log files
When you access our website, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. In addition, the IP address is transmitted and used to offer the service you have requested. This information is technically necessary for the correct delivery of content requested by you from websites and is mandatory when using the internet.

This log file data is anonymised by us immediately after the end of the usage process or stored for a period of around two weeks in order to recognise and analyse any attacks against our website, after which it is deleted. Legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR.

2. Processing of data when using the website - your enquiries
If you send us an inquiry by e-mail or via the contact form, we collect your data for the processing and response to your request. We store this information for verification purposes over a period of up to two years. Legal basis for data processing Art. 6 para. 1 lit. f) GDPR. The transmission via the form is ecrypted.

3. Possible recipients of your data
Your data will not be sold to third parties.
Recipients of the data may be technical service providers who, in our legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR, act as contract processors for the operation, maintenance and, if applicable, the expansion of our website. Here an access to your data can be possible; therefore all service providers are contractually obligated to the adherence to the data security. Should this access exceptionally take place beyond the European Economic Area, appropriate data protection guarantees will be provided.

IV. Integration of external services

1. Integration of YouTube
Our website uses plug-ins from the YouTube page operated by Google (Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Irland). The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube's servers. This will tell the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers and thus on the basis of Art. 6 Para. 1 lit. f GDPR. We only record the extent to which YouTube videos integrated into our site are accessed and delete this data when we have no further use.

Further information on the handling of user data can be found in YouTube's data protection declaration at: .

V. Our cookie policy

1. General information on the use of cookies
Website can use so-called cookies. Cookies are small text files that are stored on your terminal and stored by your browser. They serve to make our offers more user-friendly, more effective and safer. There are so-called temporary cookies, which are automatically deleted when you close your browser ("session cookies"), as well as persistent (permanent) cookies.

When cookies are used, a distinction must be made between the mandatory cookies and those required for further purposes (measurement of access figures, advertising purposes).

2. Mandatory required cookies when using the website
We use session cookies on our websites, which are absolutely necessary for the use of our websites. This includes cookies that enable us to recognize you while you are visiting the site during a single session or that enable you to use our services. These session cookies contribute to the safe and user-friendly use of our services by, for example, temporarily storing the learning progress achieved.

3. Use of cookies with your consent
We do not use any other cookies, so we do not obtain your consent to do so.

VI. Notes on ensuring data security
We take technical and operational security precautions on our pages in order to protect the personal data stored with us against access by third parties, loss or misuse and to enable secure data transfer. In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (certified SSL) via HTTPS.

We must point out that due to the structure of the internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or other means. Without appropriate protective measures, unencrypted data in particular can be read by third parties, even if this is done by e-mail.

We must point out that due to the structure of the internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encryption or other means. Without appropriate protective measures, unencrypted data in particular can be read by third parties, even if this is done by e-mail.

VII. Privacy Policy for Facebook-Fanpage
For the information service offered here, we use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. We process personal data ourselves via our Facebook fan page (see below under 2.), at the same time a data processing by Facebook takes place (see immediately under 1.). Please note that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

1. Personal data processed by Facebook
When you visit our Facebook page, Facebook records your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following link:

In using Facebook Messenger as an additional communication medium, the data and content of communication is processed via servers in the USA. Facebook also evaluates the meta data of the communication for advertising purposes, but not the content of the messages. Further details can be found at

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. What information Facebook receives and how it is used is described in general terms in Facebook's data usage guidelines. There you will also find information about how to contact Facebook and about the settings for advertisements. The data use guidelines are available at the following link: The complete Facebook data use guidelines can be found here:

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us. According to information from Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the "login notification" function); if necessary, Facebook is thus able to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie containing your Facebook ID is stored on your device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages.

Facebook buttons integrated into websites allow Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you. If you want to avoid this, you should log off from Facebook or deactivate the "Stay logged in" function, delete the cookies on your device, close and restart your browser. This will delete Facebook information that can be used to identify you immediately. As a result, you can use our Facebook page without revealing your Facebook identification. When you access interactive features of the site (Like, Comment, Share, Messages, etc.), a Facebook login screen appears. Once you have logged in, you will again be recognizable to Facebook as a specific user.

For information on how to manage or delete information about you, please visit the following Facebook support pages:

2. Personal data processed by us
As provider of the information service, we also collect and process the following data from your use of our service.

• Communication via Messenger
The Facebook Messenger is used as an additional communication medium. Messages received via this medium are processed by the responsible employees. Replies are made in private mode.
• Comments
Comments which are sent directly to NABU via the publicly accessible comment function or which mention NABU and its activities are checked for relevance by the responsible staff members. If necessary, they will be moderated. In order to do this, the staff members have access to the content and the sender of the comments. Replies are made, unless there is anything that opposes it, directly to the comments received and thus in public mode. If necessary, reference is made to generally applicable and Facebook-valid rules of conduct. Inappropriate comments will be commented on, hidden, deleted, or deleted by responsible parties such as Facebook, as described above.
• Forwarding of data
Data will only be forwarded with the explicit consent of the person concerned. Requests and, if necessary, contact data will only be forwarded to other parties after obtaining explicit consent.
• Suspicion of abuse
In case of suspicion of abuse or criminal activities, appropriate measures are taken, e.g. personal feedback, blocking of the person and in exceptional cases a report to Facebook or an order for deletion.
• Sweepstakes
Sweepstakes are conducted via posts, participants generally enter by posting a commentary. The winners are informed by a personal message and are asked for their postal address solely for the purpose of sending the prize.
• Use of statistical analyses
Statistical analyses of anonymised demographic data are used to improve the pages, make the content more interesting for target groups and find the right time for publications. This data includes various categories such as age, gender, location, language, total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, and responses.

You can find the link to this Privacy Policy under the "Privacy Policy" section on our Facebook Fan Page, Information. If you have questions about our services, you can contact us using the contact information provided above.

VII. Changes to our privacy policy
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.

July 2020