protection : a measure intended to preserve civil liberties and rights
§ 1 Name and address of the responsible party
Digitize the Planet e. V.
Tel.: +49 30 32793119
§ 2 General information on data processing
- Data that will be processed
– personal data (name, address, e-mail, telephone number)
– bank data in case of donation
– usage data (page views, access times…)
– meta/communication data (device information, IP address…)
- Data processed by
Website visitors (hereinafter “Users”).
- Data is processed for
– the provision of the service (operation of the website and platform)
– the administration and improvment of services
– the communication with users
– the analysis of user behavior
– internal operations (including troubleshooting, data analysis, testing, research and development, statistics and surveys)
- Legal basis of data processing
– Art. 6 (1) lit. a and Art 7 GDPR serve as the legal basis of the processing operations of personal data with obtaining the data subject’s consent.
– Art 6 (1) lit. b EU GDPR serves as the legal basis of the processing of personal data in the context of the performance of a contract.
- Security of data processing
The security of data processing is based on Art. 32 GDPR. In addition, Art. 25 GDPR applies, which ensures data protection through the appropriate design of technology and data protection-friendly default settings.
- Processors and third parties
– If we grant processors or third parties access to the data, transmit them or provide insight, the legal permission is fundamental (e.g. transmission requirement for payment processing (contract performance = Art. 6 para 1 lit. b GDPR), the consent of the user is available, there is a legal obligation or we protect our legitimate interest.
– Order processing by third parties is carried out based on Art. 28 GDPR.
- Data deletion and storage period
If the purpose of storage ceases to apply, personal data will be deleted or blocked (Art. 17 and 18 GDPR). Deletion or blocking of data also occurs upon a standardized storage period (§§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB, 10 years).
§ 3 Rights of the users
- Information, processing, deletion
– Users have the right to information regarding the data collected about them, as well as a copy of the data following Art. 15 GDPR.
– Users can demand both the clarification and the correction of the data concerning them, following Art. 16 GDPR.
– Users have the right to request the deletion of their data (Art. 17 GDPR) or the restriction of the processing of their data (Art. 18 GDPR).
– According to Art. 20 GDPR, users may request the data collected or transfer it to third parties.
– Complaints can be submitted to the competent supervisory authority (Art. 77 GDPR).
Users have the right to revoke consent granted according to Art. 7 (3) GDPR.
- Objection & Cookies
– Users may object to the future processing of data concerning them at any time following Art. 21 GDPR.
– We hereby clarify the use of temporary and permanent cookies. The system setting of the browser allows users to disable the storage of cookies on their computer and to delete stored cookies. This may result in the limited functionality of the website.
§ 4 Statutory and business services
User data is collected following Art. 6 paras. 1 lit. f. GDPR processed based on our legitimate interest. Data of members, supporters, or other persons have been processed according to Art. 6 paras. 1 lit. b GDPR.
Data no longer required for our statutory and business purposes will be deleted. In the case of business processing, the data will be kept for as long as is necessary for business processing or concerning warranty and liability obligations.
§ 5 Contacting
User data collected in the course of contacting us will be processed to handle the contact request (Art. 6 para. 1 lit b) GDPR). User data may be stored in a CRM system.
§ 6 Newsletter
Newsletters, e-mails, and electronic notifications with advertising content are sent with the consent of the recipient or with statutory permission.
- Double opt-in and logging
After registering for the newsletter, users receive an e-mail requesting confirmation of registration. For this purpose, the time of registration and confirmation, as well as the IP address, are stored and the changes to the data stored with the dispatch service provider are logged.
- Registration data
To receive the newsletter, it is sufficient to provide the e-mail address. For a personal address, we optionally ask for a name.
- Dispatch & performance measurement
This requires the consent of the recipient pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or, if consent is not required, the legitimate interest in direct marketing pursuant to Art. 6 para. 1 lt. f. GDPR in conjunction with Section 7 (3) UWG.
The legitimate interest in a secure, effective, and user-friendly system is fundamental for the logging of the registration process (Art. 6 para. 1 lit. f GDPR).
- Cancellation & Revocation
Users can cancel the newsletter at any time and revoke their consent. A corresponding link is provided at the end of each newsletter. Due to legitimate interest, the email address remains stored for up to three years before deletion to be able to prove the original existence of consent. The data will only be processed for the defense of possible claims. Upon confirmation of the formerly existing consent, users can submit an individual deletion request.
- Performance measurement
Technical information on the browser and the user system (IP address) is retrieved when the newsletter is sent. Furthermore, information on the opening of the newsletter as well as on the movements in the newsletter (clicks) are collected. This serves the statistical collection and evaluation of user behavior to adapt the content according to user behavior.
§ 7 Access data and log files
Every access to the server is logged by our hosting provider for legitimate interest (Art. 6 para. 1 lit. f. GDPR). The access data (website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, user’s operating system, referrer URL, IP address, and provider) is recorded, stored for a maximum of 7 days and then deleted. If data is necessary for evidentiary purposes, it is excluded from deletion until the incident has been clarified.
§ 8 Google Analytics