//

protection : a measure intended to preserve civil liberties and rights

Privacy policy according to GDPR

§ 1 Name and address of the responsible party

Digitize the Planet e. V.
Kreuzbergstraße 30
10965 Berlin

Tel.: +49 30 32793119

www.digitizetheplanet.org

§ 2 General information on data processing

  • Data that will be processed
    – personal data (name, address, e-mail, telephone number)
    – bank data in case of donation
    – usage data (page views, access times…)
    – meta/communication data (device information, IP address…)
  • Data processed by
    Website visitors (hereinafter “Users”).
  • Data is processed for
    – the provision of the service (operation of the website and platform)
    – the administration and improvment of services
    – the communication with users
    – the analysis of user behavior
    – internal operations (including troubleshooting, data analysis, testing, research and development, statistics and surveys)
  • Legal basis of data processing
    – Art. 6 (1) lit. a and Art 7 GDPR serve as the legal basis of the processing operations of personal data with obtaining the data subject’s consent.
    – Art 6 (1) lit. b EU GDPR serves as the legal basis of the processing of personal data in the context of the performance of a contract.
  • Security of data processing
    The security of data processing is based on Art. 32 GDPR. In addition, Art. 25 GDPR applies, which ensures data protection through the appropriate design of technology and data protection-friendly default settings.
  • Processors and third parties
    – If we grant processors or third parties access to the data, transmit them or provide insight, the legal permission is fundamental (e.g. transmission requirement for payment processing (contract performance = Art. 6 para 1 lit. b GDPR), the consent of the user is available, there is a legal obligation or we protect our legitimate interest.
    – Order processing by third parties is carried out based on Art. 28 GDPR.
  • Data deletion and storage period
    If the purpose of storage ceases to apply, personal data will be deleted or blocked (Art. 17 and 18 GDPR). Deletion or blocking of data also occurs upon a standardized storage period (§§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB, 10 years).

§ 3 Rights of the users

  • Information, processing, deletion
    – Users have the right to information regarding the data collected about them, as well as a copy of the data following Art. 15 GDPR.
    – Users can demand both the clarification and the correction of the data concerning them, following Art. 16 GDPR.
    – Users have the right to request the deletion of their data (Art. 17 GDPR) or the restriction of the processing of their data (Art. 18 GDPR).
    – According to Art. 20 GDPR, users may request the data collected or transfer it to third parties.
    – Complaints can be submitted to the competent supervisory authority (Art. 77 GDPR).
  • Revocation
    Users have the right to revoke consent granted according to Art. 7 (3) GDPR.
  • Objection & Cookies
    – Users may object to the future processing of data concerning them at any time following Art. 21 GDPR.
    – We hereby clarify the use of temporary and permanent cookies. The system setting of the browser allows users to disable the storage of cookies on their computer and to delete stored cookies. This may result in the limited functionality of the website.

§ 4 Statutory and business services

User data is collected following Art. 6 paras. 1 lit. f. GDPR processed based on our legitimate interest. Data of members, supporters, or other persons have been processed according to Art. 6 paras. 1 lit. b GDPR.

Data no longer required for our statutory and business purposes will be deleted. In the case of business processing, the data will be kept for as long as is necessary for business processing or concerning warranty and liability obligations.

§ 5 Contacting

User data collected in the course of contacting us will be processed to handle the contact request (Art. 6 para. 1 lit b) GDPR). User data may be stored in a CRM system.

§ 6 Newsletter

  • Permission
    Newsletters, e-mails, and electronic notifications with advertising content are sent with the consent of the recipient or with statutory permission.
  • Double opt-in and logging
    After registering for the newsletter, users receive an e-mail requesting confirmation of registration. For this purpose, the time of registration and confirmation, as well as the IP address, are stored and the changes to the data stored with the dispatch service provider are logged.
  • Registration data
    To receive the newsletter, it is sufficient to provide the e-mail address. For a personal address, we optionally ask for a name.
  • Dispatch & performance measurement
    This requires the consent of the recipient pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or, if consent is not required, the legitimate interest in direct marketing pursuant to Art. 6 para. 1 lt. f. GDPR in conjunction with Section 7 (3) UWG.
  • Logging
    The legitimate interest in a secure, effective, and user-friendly system is fundamental for the logging of the registration process (Art. 6 para. 1 lit. f GDPR).
  • Cancellation & Revocation
    Users can cancel the newsletter at any time and revoke their consent. A corresponding link is provided at the end of each newsletter. Due to legitimate interest, the email address remains stored for up to three years before deletion to be able to prove the original existence of consent. The data will only be processed for the defense of possible claims. Upon confirmation of the formerly existing consent, users can submit an individual deletion request.
  • Performance measurement
    Technical information on the browser and the user system (IP address) is retrieved when the newsletter is sent. Furthermore, information on the opening of the newsletter as well as on the movements in the newsletter (clicks) are collected. This serves the statistical collection and evaluation of user behavior to adapt the content according to user behavior.

§ 7 Access data and log files

Every access to the server is logged by our hosting provider for legitimate interest (Art. 6 para. 1 lit. f. GDPR). The access data (website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, user’s operating system, referrer URL, IP address, and provider) is recorded, stored for a maximum of 7 days and then deleted. If data is necessary for evidentiary purposes, it is excluded from deletion until the incident has been clarified.

§ 8 Google Analytics

We use Google Analytics (Google LLC). Google uses cookies, which transmit their generated information about the use of the online offer in the rules to a server in the U.S. and store it there. Google guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The information is used on our behalf to create an evaluation of the use of our online offer. Pseudonymous usage profiles can be created from the processed data. The IP addresses of users are usually, for users within the EU or the European Economic Area, shortened by Google. The IP addresses are not merged with other data from Google. An appropriate setting of the browser can prevent the storage of cookies. The personal data will be deleted or anonymized after 14 months.

Cookie Consent with Real Cookie Banner