This data protection policy fulfils the information obligations in accordance with the requirements of the EU’s General Data Protection Regulation 2016/679 (hereinafter referred to as "GDPR" or "DSGVO") and provides you with an overview of how your personal data (hereinafter referred to as "data") is processed on this website.
Digital Dignity Verein
c/o Stiftung Haus der Demokratie und Menschenrechte
Greifswalder Straße 4
E-mail: annanackt (at) mailbox.org
Hereinafter the responsible person will be referred to as “we” or "the Association".
You can exercise the following rights at any time using the contact details provided above:
- Information about your data stored by us and its processing (Art. 15 DSGVO)
- Correction of incorrect personal data (Art. 16 DSGVO),
- Deletion of your data stored by us (Art. 17 DSGVO),
- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
- Objection to the processing of your data by us (Art. 21 DSGVO) and
- Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).
If you have given us consent, you can revoke it at any time with effect for the future.
You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence.
You can find the contact details of the authorities responsible in Germany here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Personal information we collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. For instance: Inventory data (as names, addresses), Contact data (as e-mail, phone numbers, mailings), Content data (as text input, videos, photos), Usage data and Meta data (as IP-addresses, Device Information).
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
Reasons for collecting the data
To Provide our service online
To respond to your requests and communicate with you
Ratings measurement/marketing: when in line with the preferences you have shared with us, provide you with information or advertising relating to our services.
According to Art. 13 GDPR we inform you about our data processing. The legal basis for obtaining of permits is Art. 6 Sect. 1 lit. a and Art. 7 GDPR. According to Art. 6 Sect. 1 lit. b GDPR we process data and personal information. Legal basis of our legal obligations is Art. 6 Sect. 1 lit. c GDPR and Art. 6 Sect. 1 lit. f GDPR.
We may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations we may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- Processing is necessary for compliance with a legal obligation to which we are subject;
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Association;
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
In any case, the Association will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Association takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Association. The updated list of these parties may be requested from the Association at any time.
Sharing of personal information
We only share your Personal Information with third parties after you accepted the sharing of your personal data.
We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Transfering personal data out of the EEA
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:
- Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third countries.
- For transfers to third parties in the United States, ensuring they participate in the EU-US Privacy Shield Framework.
Data subject rights
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information above.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you, or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
Most data processing operations are only possible with your express consent. You may revoke your consent at any time.
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by online service providers in order to (for example) make their websites or services work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner or service provider are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website or service you are using (such as advertising, interactive content and analytics). The third parties that set these third-party cookies can recognize your computer both when it visits the website or service in question and also when it visits certain other websites or services.
You can configure your browser to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
- Whether we have a legal or contractual need to retain the data.
- Whether the data is necessary to provide our Services.
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Last updated: September 18th, 2021