Logo | Digitize the Planet
Join in
Enter data

Data Privacy

Privacy Policy in accordance with the GDPR

§ 1 Name and Address of the Controller

Digitize the Planet e. V.
Kreuzbergstraße 30
10965 Berlin
Germany

Tel.: +49 (0)1511 5420 423
mail@digitizetheplanet.org
www.digitizetheplanet.org

Represented by:
Hartmut Wimmer (1. Vorsitzender)
Dr. Neele Larondelle (2. Vorsitzende)
Mathias Behrens-Egge (3. Vorsitzender)
Tilman Sobek (Kassenführer)

§ 2 General Information on Data Processing

  • Types of data processed
    • Personal data (name, address, email address, telephone number)
    • Bank details in the case of donations
    • Usage data (page views, access times, etc.)
    • Meta/communication data (device information, IP address, etc.)
  • Data subjects
    Visitors to the website (hereinafter referred to as “users”)
  • Purpose of data processing
    • Provision of the service (operation of the website and platform)
    • Administration and improvement of the service
    • Communication with users
    • Security measures
    • Analysis of user behavior
    • Internal processes (including troubleshooting, data analysis, testing, research and development, statistics and surveys)
  • Legal basis for data processing
    • Art. 6(1)(a) and Art. 7 GDPR serve as the legal basis for the processing of personal data based on the consent of the data subject.
    • Art. 6(1)(b) GDPR serves as the legal basis for the processing of personal data for the performance of a contract.
  • Security of data processing
    Data security is ensured on the basis of Art. 32 GDPR. In addition, Art. 25 GDPR applies, which ensures data protection by design and by default.
  • Processors and third parties
    • If we grant processors or third parties access to data, transmit data to them or otherwise provide access, this is done on the basis of a legal permission (e.g. necessity for payment processing (contract performance = Art. 6(1)(b) GDPR)), user consent, a legal obligation, or our legitimate interests.
    • Processing by third parties is carried out on the basis of Art. 28 GDPR.
  • Data deletion and storage period
    Personal data will be deleted or restricted as soon as the purpose of storage no longer applies (Art. 17 and 18 GDPR). Data will also be deleted or restricted upon expiration of statutory retention periods (§§ 147(1) AO, 257(1) Nos. 1 and 4, (4) HGB, 10 years).

§ 3 Rights of Users

  • Access, rectification, deletion
    • Users have the right to obtain information about the personal data collected about them and to receive a copy of this data in accordance with Art. 15 GDPR.
    • Users may request the completion or correction of inaccurate personal data concerning them in accordance with Art. 16 GDPR.
    • Users have the right to request the deletion of their data (Art. 17 GDPR) or the restriction of the processing of their data (Art. 18 GDPR).
    • Pursuant to Art. 20 GDPR, users may request the personal data concerning them or have it transmitted to third parties.
    • Complaints may be lodged with the competent supervisory authority (Art. 77 GDPR).
  • Withdrawal of consent
    Users have the right to withdraw their consent at any time in accordance with Art. 7(3) GDPR.
  • Objection & Cookies
    • Users may object at any time to the future processing of personal data concerning them in accordance with Art. 21 GDPR.
    • We hereby inform users about the use of temporary and permanent cookies. Browser settings allow users to disable the storage of cookies on their device and to delete stored cookies. Disabling cookies may lead to limited functionality of the website.

§ 4 Statutory and Business-related Services

User data is processed on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Data of members, supporters or other persons is processed in accordance with Art. 6(1)(b) GDPR.

Data no longer required for statutory or business-related purposes will be deleted. In the case of business-related processing, data will be stored for as long as necessary for business transactions and with regard to warranty and liability obligations.

§ 5 Contact

User data collected in the course of contacting us will be processed for the purpose of handling the inquiry (Art. 6(1)(b) GDPR). User data may be stored in a CRM system.

§ 6 Newsletter

  • Consent
    Newsletters, emails and electronic notifications of a promotional nature are sent only with the consent of the recipient or on the basis of a statutory permission.
  • Processing by a service provider
    We have commissioned CleverReach as our newsletter software provider and concluded a data processing agreement. The data required for this processing is transferred to CleverReach GmbH & Co. KG.
  • Double opt-in and logging
    After subscribing to the newsletter, users receive an email requesting confirmation of the subscription. For this purpose, the registration and confirmation timestamps as well as the IP address are stored, and changes to the data stored by the mailing service provider are logged.
  • Subscription data
    To receive the newsletter, providing an email address is sufficient. Optionally, we ask for a name for personalized communication.
  • Dispatch & performance measurement
    This requires the recipient’s consent pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2) No. 3 UWG, or, if consent is not required, our legitimate interest in direct marketing pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.
  • Logging
    Our legitimate interest in a secure, effective and user-friendly system forms the basis for logging the subscription process (Art. 6(1)(f) GDPR).
  • Cancellation & withdrawal
    Users may unsubscribe from the newsletter at any time and withdraw their consent. A corresponding link is provided at the end of each newsletter. The email address will be stored for up to three years before deletion due to our legitimate interest in being able to prove prior consent. The data is used solely to defend potential claims. Upon confirmation of previously granted consent, users may submit an individual request for deletion.
  • Performance measurement
    When sending newsletters, technical information about the browser and the user’s system (IP address) is collected. In addition, information about opening the newsletter and interactions within the newsletter (clicks) is collected. This serves statistical analysis and evaluation of user behavior in order to adapt content accordingly.

§ 7 Access Data and Log Files

Each access to the server is logged by our hosting provider on the basis of legitimate interest (Art. 6(1)(f) GDPR). The access data (accessed website, file, date and time of access, amount of data transferred, message indicating successful access, browser type and version, user’s operating system, referrer URL, IP address and provider) is collected, stored for a maximum of 7 days and then deleted. Data required for evidentiary purposes is excluded from deletion until the incident has been fully clarified.